Hikvision announced it has been awarded ISO/IEC 29147:2018 and ISO/IEC 30111:2019 certification by the British Standards Institution (BSI), a globally recognized standards and certification body. The achievement endorses that Hikvision’s vulnerability management practices aligns with the international standards.
About ISO/IEC 29147 and ISO/IEC 30111
Jointly developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 29147 and ISO/IEC 30111 provide a structured framework for vulnerability management across the full product lifecycle.
ISO/IEC 29147:2018 defines the external interface of vulnerability management. It standardizes how organizations receive vulnerability reports from external researchers and how they communicate and disclose information to the public, ensuring the process is timely and transparent.
ISO/IEC 30111:2019 specifies internal engineering processes for the investigation, analysis, remediation, and verification of reported vulnerabilities to ensure effective resolution.
Strengthening Global Cybersecurity Trust
The BSI audit highlighted Hikvision’s ongoing commitment to robust vulnerability management and cybersecurity governance. By aligning with these standards, Hikvision demonstrates its ability to:
- Operate a structured and traceable mechanism for receiving, assessing, and responding to security weaknesses.
- Utilize automated tools to enhance the speed and accuracy of vulnerability processing.
- Reduce user risks and enhance trust across the global supply chain by delivering secure products and services
This certification comes at a pivotal time as global regulatory expectations evolve. Hikvision’s certified procedures comply with stringent international requirements, including the European Union’s Cyber Resilience Act (CRA), which mandates robust vulnerability disclosure and remediation practices throughout the lifecycle of connected products.
A Long-Term Commitment to Responsible Vulnerability Management
Hikvision has long prioritized security as a core element of its product development and corporate strategy.
- In 2014, the company established the Hikvision Security Response Center (HSRC) to manage the receipt, processing, and disclosure of security vulnerabilities globally.
- In 2018, Hikvision became a CVE CNA (CVE Partner) working closely with security researchers worldwide to rapidly identify, patch and publicly disclose vulnerabilities as part of its responsible disclosure practices.
- In 2023, Hikvision opened its CyberSafe Experience Center in Hoofddorp, the Netherlands, where it conducts regular vulnerability scans on its products and offers customers, partners, and visitors clear insight into its vulnerability management practices.
Over the past decade, the company has continued to mature its vulnerability handling system to not only support compliance with global regulatory requirements, but also leverage automation to improve response efficiency and product security.
By implementing the ISO/IEC 29147 and ISO/IEC 30111 frameworks, Hikvision continues to optimize this system, deepening its collaboration with the global community of security researchers. Hikvision remains dedicated to delivering secure, reliable intelligent products and solutions to customers worldwide. To learn more about Hikvision’s cybersecurity efforts.
For more information, please visit us at www.hikvisionindia.com