ISO/IEC 27001:2013 Certification:

The International Organization for Standardization (ISO) is an independent, non-governmental international organization. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS).

HERE is successfully sustaining a high level of performance securing our environments via systematically implementing and maintaining certification globally of ISO/IEC 27001 – Information Security Management. (https://www.iso.org/isoiec-27001-information-security.html)

SOC 2 Type 2 Attestation:

The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

HERE Technologies has achieved SOC 2 attestation of HERE Platform Foundation and Workspace. SOC 2 is a critical and rigorous audit that demonstrates to customers, prospective customers, and other interested parties that HERE has mature security and privacy capabilities.

Scope of ISO/IEC 27001:2013 and SOC2 Type 2

TISAX Assessment:

The ENX Association supports with TISAX (Trusted Information Security Assessment Exchange) on behalf of VDA the common acceptance of Information Security Assessments in the automotive industry. The TISAX Assessments are conducted by accredited audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for general public.

For HERE Technologies confidentiality, availability and integrity of information have great value. We have taken extensive measures on protection of [sensitive and/or confidential] information. Therefore, we follow the question catalogue of information security of the German Association of the Automotive Industry (VDA ISA). The Assessment was conducted by an audit provider, in this case the TISAX audit provider (TÜV SÜD Management Service GmbH). The result is exclusively retrievable over the ENX Portal.

Scope ID: S2LV52
Assessment ID: A5VLH5-4

CSA STAR LEVEL 1 Self-Assessment:

HERE Technologies participates in The Security Trust Assurance and Risk (STAR) Program. HERE has completed and maintains a CSA STAR Level 1 Self-Assessment.

CSA STAR Self-Assessment is a complimentary offering that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering using. Cloud providers submit a completed Consensus Assessments Initiative Questionnaire (CAIQ) to document compliance with the Cloud Controls Matrix (CCM). This information then becomes publicly available, promoting industry transparency and providing customer visibility into specific provider security practices. STAR Self-Assessments are updated annually.

The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.