On November 27, 2023, the State Administration for Market Regulation and the Standardization Administration of the People's Republic of China issued the National Standards Announcement of the People's Republic of China (No. 13 [2023]), and the three national standards under the supervision of the National Information Security Standardization Technical Committee were officially released. Among them, the first SDK national standard "Information Security TechnologySecurity Requirements for Mobile Internet Application (APP) Software Development Kit (SDK) has been approved and will be officially implemented on June 1, 2024. Agora participated in the compilation of the national standard as the main drafting unit.
This standard is the first national standard on SDK network security in China, which stipulates the security requirements for the design, development, release, operation, termination and other stages of mobile Internet application (APP) software development kit (SDK) and personal information processing activities, which is applicable to SDK development and operation, and can also provide reference for SDK security detection and evaluation.
Agora put forward the classification of real-time audio SDK for the first time in this standard, and actively put forward standard construction opinions for minimizing personal information and protecting user rights and interests, so as to promote further standardization and standardized operation of the market, build a security fortress and realize industry empowerment.
In addition to participating in the compilation of the national standard, Agora also participated in the compilation of the "Information Security Technology Data Security Requirements for Network Audio Services" standard released in October 2022.
As a pioneer and leader in the real-time interactive cloud industry, Agora has always regarded SDK compliance as one of the foundations of RTE services. On the one hand, Agora embeds PBD (Privacy by Design) into the security development process at the beginning of planning, and strictly controls the key nodes of requirements review, design and development, testing and acceptance, and on-line maintenance, and continuously promotes the update and implementation of compliance standards.
On the other hand, Agora follows internationally recognized information security and privacy protection standards and industry requirements, and has been committed to adopting international best practices to build a privacy and security management system. At present, Agora has passed ISO IEC 27001, ISO IEC 27017, ISO IEC 27018, ISO IEC 27701 system certification, the Ministry of Public Security Classified Network Security Protection ** certification, and obtained the SOC2 Type 2 service assurance report, further improving its privacy protection and security capabilities.
In addition, Agora has also established in-depth cooperation with the world's leading security compliance partners, including DNVĀ·GL, an authoritative standards certification organization, EY, an information security and privacy protection consulting service organization, and Spydersec and Panorays, which are leading security solution vendors in the U.S. market, to ensure that platform products comply with the European Union's General Data Protection Regulation (GDPR).The California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA) and other foreign laws and regulations provide more comprehensive security and compliance protection for enterprises going overseas.
Agora participated in the compilation of national standards related to SDK security, which also means that Agora has contributed to the construction of SDK security with practical actions. In the future, while continuing to deepen technology and polish products and services, Agora will also strengthen its investment in data security and privacy protection, and continue to improve its security and compliance capabilities.