Featured Case Study:
Xiao Mi ISO Certifications with Privasec

Empowering Excellence - Xiao Mi’s Globalisation with Internationally Recognised ISO Certifications

Xiao Mi is a dynamic and innovative technology organisation operating across three diverse business segments: Hardware, E-commerce and new Retail, and Internet Services. Recognising the importance of information security, privacy assurance and robust vendor management, Xiao Mi sought to fortify its practices through certifications.

Over the years, Xiao Mi has achieved and maintained a variety of ISO Certifications – ISO 27001, ISO 27018 and ISO 27701, across diverse business units, encompassing its flagship MIUI mobile platform, IoT and sales & services businesses.

Objectives

Scaling for global operations, Xiao Mi established an International Operations Center in Singapore to meet data compliance requirements of international users. The establishment of international business operations ensures the isolation of domestic China and overseas user data permissions. Xiao Mi’s ISO certification has also been adjusted accordingly to meet the needs of its international users with a goal to ensure security and privacy compliance of Xiao Mi’s business operation and maintenance.

BRIEF

This case study highlights Privasec’s engagement with Xiao Mi, and how Privasec provided ISMS maintenance and assistance for ISO 27001, ISO 27018 and ISO 27701 to help Xiao Mi attain its goals of information security and privacy compliance. Privasec worked closely with Xiao Mi to establish a robust information security and privacy framework. Through this collaboration, Privasec guided Xiao Mi in fortifying its security posture and compliance efforts, which positioned Xiao Mi as a responsible and privacy-conscious industry leader. Read on to find out more about how Xiao Mi elevated its security posture and attained internationally recognised certifications in preparation for globalisation.

The Engagement

The engagement encompassed strategic guidance to improve Xiao Mi’s information security and privacy management systems, with a focus on supplier data security assessments and Privacy Impact Assessment (PIA) requirements. Privasec guided Xiao Mi through a comprehensive engagement that significantly enhanced information security, privacy, and overall compliance.

Adopting a tailored approach, Privasec facilitated the establishment of a fully functional ISMS aligned with the ISO 27001 standard, covering both the Singapore and Netherlands offices. Furthermore, Privasec assisted Xiao Mi’s international MIUI business in the attainment of ISO/IEC 27001 and ISO 27018 Certification, underscoring the commitment to robust privacy protection.

KEY OBJECTIVES

Attainment of internationally recognised certifications for global business operations and demonstration of commitment to the isolation of domestic and international user data

Rooted in the imperative to meet rigorous security and privacy compliance prerequisites for its global user base, Xiao Mi established an International Operations Centre in Singapore. As the epicentre for international business operations, this strategic centre symbolised a resolute dedication to data security, with the objective of ensuring total permission isolation between domestic and overseas user data.

Meticulously aligned with the ethos of security and privacy, the attainment of internationally recognised ISO standards for this International Operations Centre echoes Xiao Mi’s unwavering commitment not only to fulfilling compliance mandates but also to ensuring the trust and confidence of its international audience.

THE RESULT

Through this, Xiao Mi addressed the imperative of providing heightened data security and privacy protection, thus fortifying its position as a trusted technology leader in the global market.

Harmonisation of ISO Certification for International Users - Establishing a common system to address business-impacting risks to Xiao Mi from an information security, vendor, and privacy viewpoint

With pre-existing ISO Certifications across specific business units, Xiao Mi endeavoured to establish a comprehensive framework to elevate security and adherence to regulatory standards internationally. This engagement centred around the inception of an Integrated Management System (IMS), encompassing the certification of ISO 27001 for the Singapore and Netherlands offices and extending its purview to encompass information security, cloud security, and privacy-related elements within a unified management system. For its international endeavours, Xiao Mi adopted the ISO 27018 Certification for the safeguarding of Personally Identifiable Information (PII) within cloud storage for its global operations, and the ISO 27701 Certification to establish a robust Privacy Information Management System (PIMS) for its international IoT and sales service activities.

THE RESULT

Xiao Mi established an all-encompassing system that seamlessly integrated critical security and compliance components, reflecting its commitment to preserving data integrity across various facets of its operations and business units to facilitate globalisation expansion.

Continual vendor management, encompassing thorough due diligence during vendor onboarding and consistent monitoring of vendor risk profiles.

In today’s landscape of ever-present threats, with data breaches and security vulnerabilities emerging from third-party engagements, Xiao Mi recognises the critical necessity for a vigilant approach to vendor management. With the increasing complexity of vendor relationships and their potential impact on overall operations, Xiao Mi embraced an ongoing commitment to comprehensively manage vendor risks. To fortify this effort, an end-to-end assessment of Xiao Mi’s existing vendor management framework was conducted during this engagement, aligning it with the dynamic needs of the business. Review processes were also embedded within the components of the Integrated Management System (IMS), ensuring that vendor risks were seamlessly incorporated into the overarching risk management.

THE RESULT

Through continuous due diligence during vendor onboarding and the diligent tracking of vendor risk profiles, Xiao Mi reaffirmed its dedication to safeguarding its operations and data by staying ahead of potential risks. This proactive approach and seamless integration within the IMS exemplify Xiao Mi’s commitment not only to vendor management excellence but also to the broader goal of achieving a holistic security posture.

Conclusion

In its pursuit of showcasing unwavering security assurance to its international audience, it was our honour to support Xiao Mi as it embarked on this strategic journey to attain internationally recognised ISO Certifications and reaffirmed its commitment to safeguarding user information.

By establishing a fortified data infrastructure and harmonising security practices, this engagement underscores Xiao Mi’s strides toward becoming a reliable and responsible global technology leader.

Want to Become ISO Certified?

Get on your way to obtaining the ISO 27001, ISO 27018 and ISO 27701 certifications today.

Contact a Privasec consultant to get a detailed understanding of the Plan-Do-Check-Act ISMS cycle.
