This action might not be possible to undo. Are you sure you want to continue?
General Operations & Maintenance Rules & Regulation
HUAWEI TECHNOLOGIES CO., LTD.
All rights reserved
1. Service Delivery Security Specifications
HUAWEI TECHNOLOGIES CO., LTD.
All rights reserved
In managed service projects. 4. and sensitive areas (such as government and military areas). network management center. In migration projects. the devices containing storage media must be checked to ensure that all sensitive data or authorized software have been removed or safely overridden before the destruction.1. 3. 5. HUAWEI TECHNOLOGIES CO. 2. irrelevant personnel can only access the site by showing the customer's written consent. Especially. engineers are prohibited to operate the other vendors' equipment in the customer's customer s equipment room. and managed service projects when other vendors’ equipment is within the scope of Huawei’s operational responsibilities. the destruction and return of old equipment should comply with the customer's customer s requirements. except in the case of equipment swap. office areas. auxiliary equipment provided by Huawei. The history record should be retained or maintenance according to the customer's requirement. Engineers are prohibited to disclose the password of the access control system of the sites to other people or duplicate the key to the equipment room without permission. All rights reserved Page 3 .. the responsible employee should report the loss to the customer promptly for filing. LTD. The complete record of assets that are received from the customer should be available to ensure the assets integrity. During the service. If the key is lost. engineers must follow customer or organization’s organization s management regulations. When entering or leaving the customer's equipment room.1 Physical and Environmental Security 1.
and edit on the programs. 2. customers must be informed of the risks of installing such software or tools. and logs on the customer equipment or modify network equipment connections without the customer customer's s permission. It is prohibited to use digital or common cameras (including video cameras and cameras embedded in mobile phones) at customer's site without customer's permission. 4. returning equipment to production environment. RF survey. 3. configuration files. the implementation of the actions described above should be in compliance with the process confirmed with the customer.1. After on-site service. 5. In managed service projects. and microwave survey. Engineers are prohibited to install temporary software or tools on customer equipment without the customer's customer s permission. the permission of government and military authorities must be obtained. During site acquisition. if it is required to take photos of sensitive areas (government and military areas). All rights reserved Page 4 . data. It is required to check whether any irrelevant software or document exists on the equipment before the commissioning. delete temporary software and tools that customer permitted to install. Engineers are prohibited to perform operations including inquiry. Engineers should ensure that all photos and moving pictures that are taken and captured in Huawei area do not contain any customer information. LTD.. In necessary cases. copy. HUAWEI TECHNOLOGIES CO.2 Communications and Operation Security 1.
Before performing risky operations including software upgrade. 8 8. 7 7. If it is required to operate the third-party equipment or make changes on the equipment. such as playing online games or visiting websites that are irrelevant to work. LTD. ipment the engineer must m st communicate comm nicate the content of the operations to the customer in written form. Content of operations (MOP) should be based on factual data from lab network environment or test network. 9. All rights reserved Page 5 . Engineers E i should h ld operate t and d maintain i t i th the thi third-party d t equipment i t according di t to the th responsibility ibilit matrix. The operations can be performed only after the customer's consent is obtained. Engineers E i should h ld not t use customers' t ' networks t k to t implement i l t activities ti iti that th t are irrelevant i l t to t their th i work. important hardware replacement and net ork str network structure ct re change on c customer stomer eq equipment. HUAWEI TECHNOLOGIES CO. The test account and balance information created in commissioning can be retained only if the customer requires retaining such information and signs as confirmation.1.2 Communications and Operation Security 6.. the responsible engineer should report the application according to the business process.
All rights reserved Page 6 . and portable hard disk) to customer networks without prior written permission from the customer. during g the modification or upgrade process.. the devices and media to be connected must be checked against the ost recent ece t virus us library b a y to e ensure su e t that at t the e de devices ces o or t the e media ed a do not ot ca carry ya any y virus us o or Trojan oja most program. Engineers g should avoid operating p g customer's network equipment q p during g sensitive communications assurance periods (by default. p 17. CD-RW. Engineers should avoid operating customer's network equipment during peak hour (0600 – 0000 hour) 18 If customer insist to operate the network during peak hour 18. 15. major meetings. Regarding g g equipment q p and systems y that store customer information. Engineers are prohibited to modify the third-party security software during the usage without the permission of the customer's security p y management g department. In necessary cases. . 16. 14. .1. engineers should back up and save data according to the maintenance requirements. RW UU disk. periodically p y back up p the system y and data on the equipment. In managed service projects. Engineers are required to remind the customers to check whether the equipment logs are correctly g basis. LTD. and special periods required by the customer). hour. engineers must ensure that the information is not deleted or corrupted. L1 engineer should inform CS manager / Director HUAWEI TECHNOLOGIES CO. the periods are important festivals. q p . 13. and recorded on a regular properly store the backup data.2 Communications and Operation Security 12 Engineers are prohibited to connect personal portable devices or storage media (such as CD 12.
3 3. HUAWEI TECHNOLOGIES CO. LTD.4 Engineers must use the designated IP address to access the customer network for maintenance operations to avoid the IP address conflict. In managed service projects. Before B f engineering i i handover.3.3 Access Control 1. ensure the complexity of the passwords. Engineers E i should h ld remind i d th the customers t t to set t necessary operation ti and d access permission i i according to the principles of authorization and domain based on management. Huawei is responsible for maintaining accounts and passwords according to the requirement in section 1. The handover list should include the handover of passwords and should be signed by the customer for confirmation after the customer changes the passwords. 4. engineers should ensure that every relevant person has unique user ID and password that can be used only by that person. In addition. the administrator passwords with appropriate complexity must be set promptly on the installed servers and terminal devices.. During equipment commissioning. 6 6.3 and 1.3. 2 2. 5. All rights reserved Page 7 . h d th engineers the i should h ld change h th the passwords d used dd during i commissioning. and clear all the accounts of the equipment to delete inactive accounts on a regular basis. Customers should be reminded to update all the passwords of the equipment periodically.1.
All rights reserved Page 8 . the engineer must modify or delete the established 11. 10. remote service environment and login information in time and notify the customer to close the remote service environment on the equipment side. LTD. If it is necessary. login address. and must use the temporary account and password provided by the customer rather than the system's super user password. The customer should provide the access information (such as login name. 9. In addition. The retention of certain temporary information that is needed for future work must be approved by the customer in written form. must be performed after being approved by the customer. and dialing number) through phone call or encrypted email. HUAWEI TECHNOLOGIES CO. After the on-site or remote service. After on-site service. 8. Engineers can provide on-site service only with the customer's consent and presence on site. login password. Huawei engineers should use the terminal or remote maintenance software authorized by the customer to access the customer network. After remote commissioning or maintenance. if necessary.1.3 Access Control 7. on-site on site engineers should not perform operations outside the scope approved by the customer in advance. The operations outside the scope. Remote service can be provided only after the remote service request is submitted to and approved by the customer. the temporary information (such as process data and login accounts) in the service process should be cleared. the customer should sign on the service report to confirm that the login password has been changed..
LTD. the infected equipment must be . submit the solution to the customer for approval). such as installing firewalls and antivirus software. updating system patches. Huawei engineers should review the operation or service solution in advance and monitor the operation process (regarding critical operations. security and protective measures must be taken. If Internet access is mandatory mandatory. and re-connected to the networks after the virus is removed. the project team manages the on-site services and remote access provided by equipment vendors on behalf of the customer. and reinforcing the system. engineers should perform a complete antivirus check on the terminal to prevent virus from affecting normal network running. Once infected by virus.8 to 1.3 Access Control 12. Specifically. In a managed service project.3. 15. isolated. engineers should not connect the servers or maintenance terminals to the Internet Internet. The regulations and requirements specified in sections 1. never provide super user information to vendors' personnel. performing VLAN isolation.3. All rights reserved Page 9 . 14. 13.11 are not applicable to Managed Service projects. and promptly clear account information in the equipment and close the remote login environment after all operations are completed completed. HUAWEI TECHNOLOGIES CO. It is required to control the use of e-maps and marking of sensitive areas during the wireless network optimization. Before connecting the maintenance terminal to customer's network. When operating customer equipment..1. Engineers are prohibited to connect the equipment for maintaining customer's network to the Internet.
the data must be encrypted before being sent. . network optimization report. and subscriber information. technical specifications. network parameter design report. 3.. an owner of the data must be assigned assigned. KPIs. site equipment configuration. pipeline information. monitoring report. report The software used in equipment commissioning and software upgrade should be obtained from legitimate sources. Engineers are prohibited to spread or disclose the customer network information including BTS engineering parameter table. HUAWEI TECHNOLOGIES CO. If it is necessary to send the data to relevant personnel. network planning report. project Engineers are prohibited to disclose the customer's simulated upgrade data. IP addresses. LTD. frequency resources. 5.4 Information System Development and Maintenance 1. business features. Engineers are prohibited to spread or disclose the information involved in the service delivery. 6. networking scheme. network evaluation report. charging information. who should delete the data after the upgrade in time time. Engineers are prohibited to install the software such as the operating system or database purchased by the customer on the equipment that is not owned by the customer. During upgrade. equipment password. and network performance improvement report. Engineers are prohibited to spread or disclose the customer property information obtained at the site survey stage in Network Integration projects. including site location. 4. interconnection parameters. All rights reserved Page 10 2.1. acceptance report. It is also prohibited to use the equipment serial number and software license purchased by the customer for purposes irrelevant to the current project.
and training g experience that Huawei engineers contacted during the training delivery should be used in an effective and secure manner and within the minimum scope. 12. 9. Authorities related to these documents should be assigned hierarchically. When creating or processing trouble tickets in IT systems. . In managed service projects. and personnel and wage information) in the data center for data migration and maintenance purpose without permission. the customer personal information and tracking information for VIP experience tracking. staff structure. During the delivery process of network optimization service. Engineers g are p prohibited to spread p or disclose customer's information including g remuneration system. All rights reserved Page 11 .1. LTD. and fringe benefits that Huawei engineers contacted during the personnel transfer in managed service projects. HUAWEI TECHNOLOGIES CO. retain.4 Information System Development and Maintenance 7. the recipient scope of customer's customer s documents including statements and 11.p post.. and VIP regional network optimization must be used within specified scope and should not be spread or disclosed. 10. . VIP problem handling. The customer's p personal information including g name. Any spread or disclosure is prohibited. or even spread the data at the business layer (mails. engineers are prohibited to copy. . engineers should not enter the service account and password of the customer. contact information. office documents. 8. In Network Integration projects. network information documents must be strictly controlled.
All rights reserved Page 12 . HUAWEI TECHNOLOGIES CO. The cases of one operation's network can be shared in only the trainings for that operator and the information should not be disclosed to other accounts.. LTD.1.4 Information System Development and Maintenance 13.
notice. risks. Note: The permission must be granted with traceable evidences (in one of these forms: fax.. All rights reserved Page 13 . z z HUAWEI TECHNOLOGIES CO.1. subcontractor. email. and confirmed meeting minutes). on-site acknowledgment. and violations of any employee. and supplier discovered during service delivery should be reported to relevant security organization in time and informed to the customer after the analysis and decision decision-making making by the organization organization.5 Other Rules and Regulation z Employees (including third-party employees) need to be subject to the security training before implementing delivery works for accounts. awareness The security vulnerabilities. The employees should proactively study relevant management regulations and security accident cases during project delivery to increase the service delivery security awareness. LTD. voice record.
LTD.2. All rights reserved Page 14 . Responsibility and Chastisement HUAWEI TECHNOLOGIES CO..
chastisement is imposed based on one level higher than the level of the current violation. z z z HUAWEI TECHNOLOGIES CO. LTD. All rights reserved Page 15 .Chastisement Principle z The violations and chastisements are classified into three levels according to the consequences and natures t of f violations i l ti and d subjective bj ti elements l t of f violators. chastisement is imposed based on the highest level of violation among the multiple violations. For the violators who violate the regulations or requirements in this manual two or more times within one year.. i l t For the violators who violate multiple regulations or requirements stated in this manual at the same time. Information about the informants of violations is confidential and protected from public disclosure by Huawei.
Failing to well perform asset handover or recording as required by the customer. or remote access configuration before the formal handover to the customer or after the technical service is completed. Establishing the remote access environment without the customer's formal permission.1. 2. contract. business plan.. equipment account. LTD. 3. or not formally signing and confirming the change of account and password with the customer before the formal handover to the customer or after the technical service is completed. technical.2. Retaining the customer's important and confidential information (commercial. HUAWEI TECHNOLOGIES CO.1 Levels of Violations 3. 5. The violations include but are not limited to the following cases: 1. 4. 7. test data. Recording and spreading the customer's equipment account or password in explicit form without permission. 6 6. All rights reserved Page 16 . or not closing the remote access environment in time after the remote service is completed.1 Level-3 violation: For violations of minor gravity and not causing security accidents or customer complaints. Violating the management regulations of the customer or relevant organizations and entering the working area without permission. password. Not clearing test accounts. networking information. and subscriber information) without the customer's formal permission. Not requesting the customer to change the account or password.
z z z z z HUAWEI TECHNOLOGIES CO. copy. copy. and log files on the customer equipment without the customer's permission. data. The violations include but are not limited to the following cases: z Performing operations including inquiry. Using customers' networks to implement activities that are irrelevant to work when operating and maintaining customer equipment.2. data. Performing operations including inquiry. LTD.1 Level-3 violation: For violations of minor gravity and not causing security accidents or customer complaints. and edit on the programs. Failing to well perform asset handover or recording as required by the customer. and edit on the programs. Installing unnecessary software or tools on customer equipment without the customer's permission. configuration files.. Violating Vi l ti th the management t regulations l ti of f th the customer t or relevant l t organizations i ti and d entering t i th the working area without permission. configuration files. All rights reserved Page 17 . and log files on the customer equipment without the customer's permission.
z z z z z HUAWEI TECHNOLOGIES CO. contract.2 Level-2 violation: In the cases of intentionally collecting the account and password information about customer equipment. i i which hi h d does not t cause security it accidents id t or customer t complaints. which causes financial or reputation losses to the customer.2. data.. and subscriber information). configuration files. LTD. business plan. or extending the pre-assigned authority of the personal account without permission. The violations include but are not limited to the following cases: z Setting account and password. which causes financial or reputation losses to subscribers. Disclosing the customer's important and confidential information (commercial. password. or changing the account authority on the customer equipment without permission. Editing the programs. technical. and log files on the customer equipment without the customer's permission. equipment account. All rights reserved Page 18 . Intentionally stealing the accounts and passwords of the customer or subscribers. which does not cause financial or reputation losses to the customer or subscribers. Spreading and modifying the personal information about subscribers without permission. l i t Obtaining the accounts and passwords held by others. networking information. or violations of major gravity and causing security accidents or customer complaints complaints.
All rights reserved Page 19 . Intentionally y damaging g g the hardware. Performing risky operations including software upgrade. important hardware replacement. which cause huge losses to customers and Huawei. The violations include but are not limited to the following cases: z Setting information about recharge cards and account on the customer equipment to steal customer properties. and g on customer equipment q p without p permission. z z z HUAWEI TECHNOLOGIES CO. this causes huge financial or reputation losses to the customer or subscribers. customers. serious operation violation or intentionally damaging the communications equipment or computer systems of violation. this causes communications outage or faults. which causes network outage g network structure change or data loss. Intentionally stealing the confidential information about the customer and subscribers. software. The cases of violating the laws in China or the local countries are handed over to appropriate judicial organizations.3 Level-1 violation: In the cases of stealing customer properties..2. . or data configuration g of the customer's communications equipment and computer systems. intending to steal or disclose the confidential information about customers and subscribers. LTD. .
huawei.com .Thank You www.
This action might not be possible to undo. Are you sure you want to continue?