HANGZHOU, China — January 30, 2026
Executive Summary
Hikvision Digital Technology has announced that it has been awarded ISO/IEC 29147:2018 and ISO/IEC 30111:2019 certifications by the British Standards Institution (BSI), a globally recognized standards and certification body. The certifications confirm that Hikvision’s vulnerability management framework aligns with internationally recognized standards governing the disclosure, investigation, remediation, and communication of security vulnerabilities across the product lifecycle. According to the company, the certification validates both its external vulnerability disclosure processes and its internal engineering workflows for handling reported vulnerabilities. The achievement reflects Hikvision’s continued focus on cybersecurity governance and structured vulnerability management as regulatory expectations for connected products continue to evolve globally.
Announcement Overview
Hikvision announced that it has successfully completed independent certification against two international standards—ISO/IEC 29147:2018 and ISO/IEC 30111:2019—following an audit conducted by the British Standards Institution. The certification assesses how organizations manage vulnerability disclosure and remediation across their products and services.
According to the company, the audit reviewed Hikvision’s vulnerability management practices end to end, including how vulnerabilities are reported by external researchers, how they are assessed internally, and how remediation and disclosure processes are executed and documented. The certification confirms that Hikvision operates a structured, traceable, and standardized vulnerability handling system aligned with international best practices.
Hikvision stated that the certification applies to its global vulnerability management processes and reflects the company’s approach to cybersecurity governance throughout the full product lifecycle, from development and deployment to post-market monitoring and disclosure.
Key Announcement Details
- Announcement type: International certification achievement
- Certifying body: British Standards Institution (BSI)
- Standards achieved: ISO/IEC 29147:2018 and ISO/IEC 30111:2019
- Scope: Vulnerability disclosure and vulnerability handling processes
- Geographic relevance: Global
- Industry focus: Cybersecurity, intelligent products, connected systems
- Company: Hikvision Digital Technology
- Announcement date: January 30, 2026
Strategic Context
According to Hikvision, vulnerability management has become a critical operational requirement as connected products face increasing regulatory, customer, and supply-chain scrutiny. International standards such as ISO/IEC 29147 and ISO/IEC 30111 provide formalized frameworks for how organizations receive, investigate, remediate, and disclose security vulnerabilities in a transparent and consistent manner.
ISO/IEC 29147 focuses on the external interface of vulnerability management, defining how organizations engage with external security researchers and other stakeholders. It standardizes processes for receiving vulnerability reports, acknowledging submissions, coordinating disclosure timelines, and communicating information to the public.
ISO/IEC 30111 addresses internal engineering processes related to vulnerability handling. It specifies requirements for investigation, analysis, remediation, verification, and documentation of reported vulnerabilities to ensure effective resolution and accountability.
Hikvision stated that aligning its internal and external vulnerability workflows with these standards supports consistent execution across teams and regions, while also enabling traceability and auditability of vulnerability handling activities.
Certification Scope and Audit Findings
According to the company, the BSI audit evaluated Hikvision’s vulnerability management system across multiple dimensions, including governance structures, process documentation, tooling, and execution controls.
The audit highlighted Hikvision’s implementation of a structured mechanism for receiving, assessing, and responding to reported security weaknesses. The company stated that its processes enable vulnerabilities to be tracked throughout their lifecycle, from initial submission through investigation, remediation, verification, and public disclosure where appropriate.
Hikvision also noted that its vulnerability handling framework incorporates automation to improve processing speed and consistency. According to the company, automated tools are used to support vulnerability intake, prioritization, workflow management, and verification, helping reduce response times and improve accuracy.
The certification confirms that these processes align with the requirements set out in ISO/IEC 29147 and ISO/IEC 30111 and are applied consistently across the organization.
Alignment With Global Regulatory Expectations
Hikvision stated that the certification comes at a time when global regulatory frameworks are increasingly emphasizing formal vulnerability disclosure and remediation obligations for connected products.
According to the company, its certified processes are aligned with emerging international requirements, including the European Union’s Cyber Resilience Act (CRA). The CRA mandates that manufacturers of connected products implement robust vulnerability management practices throughout the product lifecycle, including coordinated disclosure and timely remediation.
Hikvision indicated that, by achieving certification against ISO/IEC 29147 and ISO/IEC 30111, it has established a standardized foundation to support compliance with evolving regulatory requirements across multiple jurisdictions.
Long-Term Approach to Vulnerability Management
Hikvision stated that security has been a core element of its product development and corporate strategy for more than a decade. The company outlined several milestones in the evolution of its vulnerability management framework.
In 2014, Hikvision established the Hikvision Security Response Center (HSRC), a dedicated function responsible for managing the receipt, processing, and disclosure of security vulnerabilities on a global basis. According to the company, HSRC serves as the central coordination point for engagement with external researchers and internal engineering teams.
In 2018, Hikvision became a CVE Numbering Authority (CNA) partner under the Common Vulnerabilities and Exposures (CVE) program. This designation enables the company to assign CVE identifiers and work directly with the global security research community to coordinate vulnerability disclosure. Hikvision stated that this role supports responsible disclosure practices and timely communication with affected stakeholders.
In 2023, the company opened its CyberSafe Experience Center in Hoofddorp, the Netherlands. According to Hikvision, the facility conducts regular vulnerability scans on its products and provides customers, partners, and visitors with visibility into its vulnerability management practices and security controls.
Continuous Maturation of Security Processes
Hikvision stated that over the past decade it has continued to refine and mature its vulnerability handling system to support both regulatory compliance and operational efficiency.
According to the company, its vulnerability management framework has evolved to incorporate automation and standardized workflows designed to improve response efficiency and enhance product security. These improvements aim to ensure that vulnerabilities are handled consistently, transparently, and within defined timelines.
Hikvision stated that, by implementing the ISO/IEC 29147 and ISO/IEC 30111 frameworks, it has further optimized its vulnerability management processes and strengthened collaboration with the global security research community.
Engagement With the Security Research Community
Hikvision emphasized that collaboration with external security researchers remains a key component of its vulnerability management strategy. According to the company, standardized disclosure processes enable clearer communication, defined expectations, and coordinated remediation efforts.
The company operates a dedicated vulnerability reporting channel, allowing researchers to submit issues through a secure form. Hikvision stated that this channel supports structured intake and tracking of reported vulnerabilities and aligns with the external disclosure requirements defined under ISO/IEC 29147.
Hikvision indicated that, by maintaining formalized engagement mechanisms, it seeks to support responsible vulnerability disclosure and constructive collaboration with the security research ecosystem.
Commitment to Secure Product Lifecycle Management
According to Hikvision, vulnerability management is integrated into its broader product lifecycle management approach. The company stated that certified processes help ensure that security considerations are addressed from product design and development through deployment and ongoing support.
Hikvision indicated that its vulnerability management framework is designed to reduce user risk, support supply-chain trust, and enhance confidence in the security of its intelligent products and solutions.
The company stated that it remains focused on delivering secure and reliable products to customers worldwide and views certification against internationally recognized standards as an important element of that commitment.
About Hikvision
Hikvision Digital Technology is a global provider of intelligent products and solutions. The company develops and delivers technologies across video security, intelligent sensing, and data-driven applications.
Hikvision operates globally and serves customers across a wide range of industries. The company stated that cybersecurity and responsible vulnerability management are integral components of its product development and operational practices.
Additional information about Hikvision’s cybersecurity initiatives and vulnerability reporting processes is available through the company’s official support and cybersecurity channels.
Media Source
SOURCE: Hikvision Digital Technology
Source Attribution
Source: Company announcement
