- What are Dahua’s standards for cybersecurity?
Dahua maintains extremely high standards to protect the security and privacy protections of its customers’ data. Dahua has an internal, cross-functional team (the Dahua Cybersecurity Committee or DHCC) that has responsibility for reporting security vulnerabilities, providing timely notice of vulnerabilities to customers, and sharing cybersecurity knowledge and best practices with customers. It also maintains a Cybersecurity Lab that has developed a robust 7-module baseline standard of security to provide protection during device operation and remote access. The Cybersecurity Lab also has developed a standard process to design and validate the cybersecurity features of new products with the expert assistance of the highly regarded Synopsys Technology.
Our software development processes continue to evolve in order to promote better security by design. We maintain a Secure Software Development Lifecycle program and actively cooperate with third party organizations in this area. We are certified ISO27001 and ISO27701 compliant (information security and privacy information management respectively) as well as ETSI EN 303645 (Security for consumer facing IoT).
As with all technology products, vulnerabilities are sometimes discovered in the products manufactured by Dahua and a limited number of vulnerabilities have been identified in certain Dahua products in the past. We have followed best practices in the industry for responding to them. Dahua was quick to publicize the vulnerabilities once they were discovered and has worked cooperatively with the United States Department of Homeland Security to assess the vulnerabilities and provide guidance to the marketplace, and promptly developed and issued patches. Dahua is not aware of any American customer who experienced a data breach in connection with any vulnerability in our products.