HERE is successfully sustaining a high level of performance securing our environments via systematically implementing and maintaining certification globally. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS).
View our ISO/IEC 27001:2013 certification.
Specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002. PIMS-related requirements and guidance for PII controllers and PII processors holding responsibility and accountability for PII processing. HERE as PII Processor.
View our ISO/IEC 27701:2019 certification.
Establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles of ISO/IEC 29100 for the public cloud computing environment. It takes into consideration of regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
View our ISO/IEC 27018:2019 certification.
Provides guidelines for information security controls applicable to the provision and use of cloud services for both cloud service providers and cloud service customers.
View our ISO/IEC 27017:2015 certification.
The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
HERE Technologies has achieved SOC 2 attestation of HERE Platform Foundation and Workspace. SOC 2 is a critical and rigorous audit that demonstrates to customers, prospective customers, and other interested parties that HERE has mature security and privacy capabilities.
The ENX Association supports with TISAX (Trusted Information Security Assessment Exchange) on behalf of VDA the common acceptance of Information Security Assessments in the automotive industry. The TISAX Assessments are conducted by accredited audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for general public.
For HERE Technologies confidentiality, availability and integrity of information have great value. We have taken extensive measures on protection of [sensitive and/or confidential] information. Therefore, we follow the question catalogue of information security of the German Association of the Automotive Industry (VDA ISA). The Assessment was conducted by an audit provider, in this case the TISAX audit provider (TÜV SÜD Management Service GmbH). The result is exclusively retrievable over the ENX Portal.
Scope ID: S2LV52
Assessment ID: A5VLH5-4
A complimentary offering that documents the security and privacy controls provided by HERE's cloud computing offerings, thereby helping customers of our services assess our security. HERE has submitted a completed Consensus Assessments Initiative Questionnaire (CAIQ) to document compliance with the Cloud Controls Matrix (CCM). This information then becomes publicly available, promoting industry transparency and visibility into HERE's security practices.
A set of regulations that make it possible to create and maintain the necessary security conditions in the use of electronic media through measures that guarantee the security of systems, data, communications, and electonic services to facilitate the exercise of rights and fulfillment of duties through these media.
HERE has submitted Declaration of Conformity in the BASIC Category.