China Mobile International Limited (CMI), a wholly owned subsidiary of China Mobile, has been awarded the internationally recognized ISO/IEC 27001:2022 Information Security Management System (ISMS) certification following our independent third-party audit. This achievement demonstrates CMI’s continued commitment to robust information security governance and effective risk management practices.
Certification scope covers critical information systems and IT infrastructure
ISO/IEC 27001:2022 certification covers the development and maintenance of CMI’s business and management support IT applications, as well as the management of related IT infrastructure. By establishing a systematic information security management framework, CMI can effectively identify, assess and manage information security risks, enhancing system stability, data integrity and operational continuity, while ensuring the reliability and security of customer services.
Addressing today’s cyber threat landscape: key enhancements in ISO/IEC 27001:2022
The latest version of ISO/IEC 27001:2022 places increased emphasis on cybersecurity and privacy protection, with updated requirements designed to address evolving cyber threats and attack patterns. Key enhancements include:
- More rigorous supply chain and third-party security management
- Strengthened controls for cloud and virtualized environments
- Updated control structure aligned with ISO/IEC 27002:2022
- A risk governance framework better aligned with modern cyber threat scenarios
Mr. Yang Meng, CMI Director & Executive Vice President, Chief Cybersecurity Officer, said: “The certification is not an endpoint but the starting point for comprehensively enhancing security capabilities. We must follow the methodologies of internationally recognized certification standards to build the CMI's cyber and information security system. With emerging challenges such as AI and cross-border data, our security capabilities must continue to evolve.”
Ms. Miranda Kwan, Director of Business Assurance for SGS in Hong Kong, said: “Establishing a robust information security management system presents significant challenges for telecommunications enterprises with large-scale and complex information systems. CMI has demonstrated a forward-looking approach to information security governance, with mature practices in cross-functional collaboration and operational implementation. Achieving ISO/IEC 27001 certification confirms that CMI has successfully embedded international standards into its daily operations, strengthening its operational resilience and providing a solid foundation for future development.”
Corporate governance aligned with international standards
CMI previously achieved ISO 37301 Compliance Management System and ISO 37001 Anti-bribery Management System certifications, and its recent attainment of ISO/IEC 27001 Information Security Management System certification further demonstrates its multi dimensional governance capabilities across compliance, anti-corruption, internal governance and information security in alignment with international standards. As its global business continues to expand, CMI upholds comprehensive corporate governance, a strong compliance culture and a robust information security framework as the core foundations of its operational resilience.
ISO 37301 supports the establishment of a strong compliance culture, internal controls and oversight mechanisms. ISO 37001 reinforces anti-bribery controls, third-party due diligence and integrity-driven operations, while ISO/IEC 27001 strengthens information security governance and risk management capabilities.
The synergy among these three management systems enables CMI to better protect critical information assets, meet international regulatory and compliance requirements, enhance information security and risk governance, and support the secure operation of its global network services. This lays a solid foundation of trust for the sustainable growth of its international telecommunications and ICT businesses.
Mr. Yang Meng, Director & Executive Vice President, Chief Cybersecurity Officer for China Mobile International Limited (left) and Ms. Miranda Kwan, Director of Business Assurance for SGS in Hong Kong (right).
About China Mobile International Limited
China Mobile International Limited (CMI) is a wholly-owned subsidiary of China Mobile. In order to provide better services to meet the growing demand in the international telecommunications market, China Mobile established CMI in December 2010, headquartered in Hong Kong, China. CMI has expanded its footprint in 39 countries and regions. Leveraging the strong support by China Mobile, CMI is a trusted partner that provides comprehensive international information services and solutions to international enterprises, carriers and mobile users.
About SGS
SGS is the world’s leading Testing, Inspection and Certification company. We operate a network of over 2,500 laboratories and business facilities across 115 countries, supported by a team of over 100,000 dedicated professionals. With more than 145 years of service excellence, we combine the precision and accuracy that define Swiss companies to help organizations achieve the highest standards of quality, compliance and sustainability.
Our brand promise – when you need to be sure – underscores our commitment to trust, integrity and reliability, enabling businesses to thrive with confidence. We proudly deliver our expert services through the SGS name and a portfolio of trusted specialized brands, including Applied Technical Services, Brightsight, Bluesign and Nutrasource.
SGS is publicly traded on the SIX Swiss Exchange under the ticker symbol SGSN (ISIN CH1256740924, Reuters SGSN.S, Bloomberg SGSN SW).
