Confidence Center
Based on technology and governance capabilities Kingdee has garnered in the domains of security, privacy, and compliance,Kingdee Cloud provides a trustworthy, secure, and reliable platform for enterprise services.
International authoritative qualifications
Kingdee has planned and developed its products in compliance with the highest mandated international industry standards for network security and privacy protection and has undergone audits and received recognition from authoritative third-party certification bodies.
 ISO 27001

ISO/IEC 27001 is an internationally accepted and extensively implemented certification standard for information security management systems. This standard is focused on risk management and guarantees the effective and continuous operation of the organization’s information security management system through regular assessment of risks and the implementation of appropriate control measures.

ISO 27017

ISO/IEC 27017 is an international standard for securing cloud services. It is a practical standard for information security controls for cloud computing services and provides guidance on ISO/IEC 27002 for the cloud services industry. It utilizes the ISO/IEC 27001 standard to enhance the management capabilities of cloud service providers and customers effectively.

ISO 27018

The ISO/IEC 27018 standard is designed to provide a code of practical rules for personal identity information processors on the cloud to protect personally identifiable information (PII) in the public cloud from infringement. It is currently the most authoritative, stringent, and widely accepted and used international information security system certification.

ISO 27701

ISO/IEC 27701 extends ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls for Privacy. This certification provides guidance on protecting the privacy of individuals (including how organizations should manage personal information) and assists in demonstrating compliance with international privacy regulations.

SOC1
The SOC audit report is an independent audit report issued by a third-party auditor in accordance with the relevant standards for the system and internal control of outsourcing service providers and has been developed by the American Institute of Certified Public Accountants (AICPA). The SOC 1 report assesses the controls associated with the financial reporting process.
SOC2

The SOC 2 report emphasizes the organization's internal operations and compliance and includes five control attributes: security, availability, process integrity, confidentiality, and privacy. Obtaining a Type I report reflects the reasonableness of the design of the organization's internal controls, while obtaining a Type II report reflects the effectiveness of the implementation of the measures during the reporting period.

CSA STAR

CSA STAR certification is an authoritative certification launched by the International Cloud Security Alliance (CSA) for the level of cloud security on a global scale. It is based on ISO/IEC 27001 certification and combined with the Cloud Security Control Matrix CCM and maturity model it can comprehensively assess an organization's cloud security management and technical capabilities.

ISO 9001

ISO 9001 is an international framework for quality management. As a guiding framework for the quality and operation of a company's products and services, it is a systematic framework for designing, implementing, and refining the entire process of product or service realization to ensure compliance with the needs of customers and applicable laws and regulations.

ISO 20000

ISO/IEC 20000 is an international service management standard for information technology. It provides a model for designing, establishing, implementing, operating, monitoring, reviewing, maintaining, and enhancing the service management system, to ensure that service providers can provide effective IT services to meet your requirements.

CMMI 5

CMMI software capability integration model evaluation and certification system is an international standard for measuring the R&D capability and project management capability of enterprises, covering product concept, planning, R&D, verification, and production and manufacturing of the whole life cycle process. Of which, CMMI5 is the highest level qualification certification of the system for the standardization, regularization and maturity of enterprise R&D management.

ISO 22301

The ISO22301, a Business Continuity Management System Certification, is a significant standard aimed at assisting organizations in establishing, implementing, operating, monitoring, reviewing, maintaining, and improving their business continuity. This certification is based on the International Standard GB/T30146/ISO22301 and constitutes an integral part of the organizations' overall management system.

这是文本内容
这是文本内容
Security, privacy and compliance issues that you may be concerned about
Is the Kingdee Cloud infrastructure sufficiently secure?
How does Kingdee Cloud secure my data on the cloud?
Is Kingdee Cloud transferring my data to other regions or countries?
What steps must I take as a multinational corporation to ensure compliance with privacy regulations such as the EU General Data Protection Regulation (GDPR)?
Currently, Kingdee Public Cloud is only deployed in mainland China. Personal information includes the employees’ name, mobile phone number, and receiving address in the Kingdee cloud service. Considering that privacy laws such as the EU GDPR will have restrictions on the transfer of personal information across borders, if you need to use the Kingdee Cloud service outside of China, you will be required to transfer some data, including personal information, across the border to the headquarters in China for aggregation and processing for enterprise management purposes. In this case, you are required to notify Kingdee in advance for cross-border security configuration, and you are required to sign a clear personal information collection and cross-border transfer authorization agreement with employees on the basis of basic security configuration (such as data encryption storage, desensitization display, encrypted transmission, etc.) on Kingdee Cloud, as well as the EU-approved Standard Contractual Clauses (SCC) signed by the EU branch and China headquarters. (See: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc). In addition, your company must implement a comprehensive security and privacy management system (including a privacy policy, a privacy statement, security and privacy organizations, data protection officer (DPO), a data protection impact assessment, a privacy disclosure notification process, a data subject power exercise mechanism, etc.) in accordance with the GDPR and other applicable privacy laws. Naturally, to reduce the compliance risk of data leakage and cross-border data transfer, we strongly recommend that you deploy the cloud service in your home country and centralize the transfer of personal information only to your China headquarters after de-identification through technical means.