https://www.myjoyonline.com/beyond-bolt-on-solutions-cultivating-a-security-first-approach/

Delivering innovative quality products and services requires companies to commit to implementing consistent, repeatable, and globally rolled-out processes that prioritise cyber security. Without this level of commitment, each product, service, and customer interaction becomes a random event, with variable outcomes in terms of quality and experience.            

To achieve consistency, leading tech companies often partner with management consulting firms to develop, train, and support their transformation into process-based organisations. For example, Huawei has employed IBM since 1997 to develop, train and support it in becoming a process-based organisation, one that is fundamentally driven by repeatable processes. As a result, the company can deliver a consistent quality of products and services.

To instil confidence in customers, especially those facing political or commercial pressures, companies must provide independent assessments of their products and processes. This includes dedicated localization efforts to ensure the integrity of their supply and support chain. Implementing an end-to-end global cyber security assurance system is therefore crucial for maintaining stable and secure operations, particularly during emergencies such as natural disasters.

In addressing cyber security requirements, companies should integrate best practices into their standard processes, baselines, policies, and standards. This approach ensures that cyber security is not an afterthought but a fundamental part of daily operations - essentially, part of the company's DNA. Yet, establishing processes is only the first step.

To ensure their effectiveness, companies need to be deliberate about implementing a variety of measures. To begin with, they need to be committed to ensuring global standards are seen through. These may include the establishment of standardized business processes globally with identified Global Process Owners (GPOs) and Key Control Points (KCPs). 

To achieve this, Huawei has established a Global Process Control Manual and a Segregation of Duties Matrix that apply to all its subsidiaries and business units.

This is paired with a dedicated Board Committee for Cyber Security, chaired by a senior executive, to oversee and enforce process execution. On this Board sit the main Board Members and Global Process Owners, who have a role in ensuring that cyber security requirements are embedded in processes, policies and standards and that they are executed effectively. If there is any conflict or resource issue in cyber security, this committee has the power, remit and seniority to make decisions and change the business without reference to anyone else.

Additionally, audits are an important part of these measures. Audits, together with external inspections and third-party reviews, are useful for validating what is happening against what should happen. In this regard, Huawei Auditors use the Key Control Points and the Global Process Control Manual to ensure processes are executed and that they are effective. This is regularly updated through online exams every year to keep knowledge current, forming part of its Internal Compliance Program.

However, there is nothing more important than an openness to scrutiny. Companies need to allow their processes and internal systems to be opened up to audit and scrutiny from their customers and governments. Huawei operates in over 140 countries because it is trusted by customers in all of these countries.

It is this ability to use real customers and experts from many fields and governments to inspect, vet and validate their approach that truly enables the company to develop world-class processes and integrated systems. Once again, it is a repeatable process that is also a virtuous cycle: develop – test – validate – learn – update – develop. By integrating these measures, companies can ensure that security is truly built into their operations, rather than being an afterthought.

DISCLAIMER: The Views, Comments, Opinions, Contributions and Statements made by Readers and Contributors on this platform do not necessarily represent the views or policy of Multimedia Group Limited.

