In September 2021, we established our Security Technology Committee to enhance internal coordination of the development and application of security technologies and strengthen our capability to analyse various types of incidents and risk protocols, thereby enabling us to respond swiftly and effectively to various threats and attacks.
We only collect the necessary and minimum data for the provision of our products and services, and keep the personal data of users strictly confidential and shall not leak, distort, damage, sell or illegally provide such information to others. We establish and improve the user information protection system by hierarchically managing the access rights of internal staff to ensure data security and prevent any leakage, damage, or loss of information. We provide an easy-to-use channel for employees to look up the Company’s data security policy through internal communication tools to timely confirm whether their behaviour meets the Company’s security policy requirements. When employees discover potential data security violations, they can report the cases through the internal communication tools or reporting system; once the violations are verified, the Company will take strict disciplinary measures. We provide privacy protection and data security training to all employees, including full-time, part-time and interns, to instil a long-term data security protection culture.
Tencent Engineering Group has a dedicated security team, which provides comprehensive security protection for our products and services with the technical support of Tencent Security Labs. By formulating comprehensive active and passive defence solutions, the team is able to actively improve basic security and layered defence detection capabilities; implement strict monitoring and timely alerts for security systems and databases; and formulate measures, such as blocking, regular monitoring and review, and traceability of abnormal behaviors. The security response team can operate timely passive defence and handling measures through a 24/7 emergency response mechanism. In addition, through the Tencent Security Response Centre, we work with security researchers and partners around the world to jointly defend and safeguard security.
Cloud Security
Tencent Cloud has established an efficient internal control system and strengthened its foundation in data security from the aspects of system process and control activities. Our Cloud Security Management System has also received accreditations globally. We apply our internal best practices in data security to Tencent Cloud’s security products and services, including the intelligent gateway, cloud firewall, DDoS (Distributed Denial-of-Service) protection, network intrusion protection, and anti-fraud. Tencent Cloud provides all-rounded security service offerings including identifying and deploying protection measures on physical security, virtualization security, network security, host security, data security, application security, business security, security audit and security management. With the evolution of cloud computing and security technologies, Tencent Cloud will continue to build an efficient security internal control system, enhance security compliance capabilities, and upgrade cloud security and big data security standards.
Tencent Cloud Security Certifications
- ISO 29151 Code of Practice for Personally Identifiable Information Protection
- ISO 27017 Code of Practice for Information Security Controls Based on ISO/IEC 27702 for Cloud Services
- C5 Audit
- ISO 27701 Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management
- OSPAR Audit
- ISO 27001 Information Security Management Systems
- PCI DSS and TISAX Audit
- MPAA (Motion Picture Association of America)
- CSA STAR Cloud Security Management System Certification
- ISO 27018 Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors
- MTCS T3 Certification
- HIPAA (the Health Insurance Portability and Accountability Act)
- CSA STAR Cloud Security Management System Certification
- K-ISMS Certification
Game Security
Cheating and DDoS attacks are two major security threats faced by game companies worldwide, on top of the daily challenges to protect the security of user accounts, virtual properties, data, cloud gaming and to combat piracy. Leveraging our deep experience and know-how to tackle such threats, we launched the Tencent Game Security solution in 2021 to help game companies deal with the full spectrum of security threats in game operations. We also published the 2021 Game Security White Paper, which included an analysis of threats and recommended solutions.
FinTech
Our FinTech security team provides a variety of security solutions for enhancing users’ account security. We continue to conduct self-assessment, optimisation and standardisation of our financial products in accordance with applicable laws and regulations, including the Measures for the Supervision and Administration of Publicly-offered Securities Investment Fund Distributors, the Circular on Standardising the Retrospective Administration of Online Insurance Sales Practice, and the Measures for the Regulation of Internet Insurance Business. Our risk control system provides real-time monitoring 24/7 to ensure the safety of account funds. Users will be informed of any changes in the amount of funds immediately via mobile phone messages, email, and other means.
