Hikvision Earns ISO/IEC 29147 and ISO/IEC 30111 Certification for Vulnerability Management

Global Cybersecurity Leader Hikvision Achieves BSI Standards for Vulnerability Management Practices

Hikvision remains dedicated to delivering secure, reliable, and intelligent products and solutions to customers worldwide. In February 2026, Hikvision announced it has been awarded ISO/IEC 29147:2018 and ISO/IEC 30111:2019 certification by the British Standards Institution (BSI), a globally recognised standards and certification body. This achievement endorses that Hikvision’s vulnerability management practices align with international standards, ensuring a structured framework for security across the full product lifecycle.

Hikvision Endorsed by BSI for International Vulnerability Management Standards

The recent audit by the BSI highlighted Hikvision’s ongoing commitment to robust vulnerability management and cybersecurity governance. By aligning with these standards, Hikvision demonstrates its ability to operate a structured and traceable mechanism for receiving, assessing, and responding to security weaknesses.

This milestone reinforces Hikvision’s role in strengthening global cybersecurity trust and reducing user risks across the digital supply chain.

Understanding ISO/IEC 29147 and ISO/IEC 30111

Jointly developed by the ISO and IEC, these standards provide a comprehensive framework for security.

ISO/IEC 29147:2018 – External Vulnerability Disclosure This standard defines the external interface of vulnerability management. It:

• Standardises how organisations receive vulnerability reports from external researchers.

• Governs how companies communicate and disclose information to the public.

• Ensures the disclosure process is timely and transparent.

ISO/IEC 30111:2019 – Internal Vulnerability Handling This standard specifies the internal engineering processes for effective resolution. It focuses on:

• Investigation and analysis of reported vulnerabilities.

• Remediation and verification of security flaws.

• Ensuring vulnerabilities are managed through internal engineering to ensure effective resolution.

Compliance with Global Regulatory Expectations

Hikvision’s certified procedures comply with stringent international requirements at a time when global regulatory expectations are evolving. This includes the European Union’s Cyber Resilience Act (CRA), which mandates:

• Robust vulnerability disclosure practices.

• Effective remediation throughout the lifecycle of connected products.

• High standards for safety and intelligent decision-making.

A Long-Term Commitment to Responsible Vulnerability Management

Hikvision has long prioritised security as a core element of its product development and corporate strategy:

• Hikvision Security Response Center (HSRC): Established in 2014 to manage the receipt and disclosure of security vulnerabilities globally.

• CVE CNA Partner: In 2018, Hikvision became a CVE Partner to work closely with security researchers to rapidly identify and patch vulnerabilities.

• CyberSafe Experience Center: Opened in 2023 in the Netherlands, this center offers visitors clear insight into its vulnerability management practices.

FAQ.

What is ISO/IEC 29147?

It is an international standard that defines the external interface of vulnerability management, standardising how organisations receive and disclose vulnerability reports.

What is ISO/IEC 30111?

This standard specifies internal engineering processes for the investigation, analysis, remediation, and verification of reported vulnerabilities.

How does Hikvision manage new vulnerability reports?

Reports are managed through the Hikvision Security Response Center (HSRC), which has matured over the past decade to support global regulatory requirements.

Why are these certifications important for digital transformation?

They build trust and enable safe AI adoption across industries by ensuring that AIoT and automation technologies remain secure and reliable.