Trust Center

Safety Management System

Built on Yonyou’s established security and governance framework, Tetra supports the implementation of ERP solutions that meet internationally recognized standards for information security, privacy, and service management

ISO 27001

ISO 27001

International standard for information security management, ensuring risks are systematically identified, managed, and controlled.

ISO 27701

ISO 27701

Extension of ISO 27001 focusing on privacy management, supporting compliance with global data protection regulations.

ISO 27017

ISO 27017

Provides additional security controls and guidance for cloud service providers and users.

ISO 27018

ISO 27018

Focuses on protecting personal data in cloud environments, particularly for public cloud services.

ISO 20000-1

ISO 20000-1

International standard for IT service management, ensuring consistent and high-quality service delivery.

ISO 9001

ISO 9001

Quality management standard focused on improving service quality, operational efficiency, and customer satisfaction.

CSA STAR

CSA STAR

Cloud security certification by the Cloud Security Alliance, assessing both security controls and operational maturity.

SOC 2 (Type I & II)

SOC 2 (Type I & II)

Auditing standard assessing security, availability, and confidentiality of cloud service providers.

Software Supply Chain Security Certification

Software Supply Chain Security Certification

Assessment aligned with national cybersecurity standards (GB/T 43698-2024), ensuring the security and integrity of software supply chains.

R&D Process & Security

Built on Yonyou’s advanced R&D capabilities and certified development processes, Tetra supports the implementation of ERP solutions developed with strong governance, security, and engineering discipline

CMMI Level 5 (CMMI5)

CMMI Level 5 (CMMI5)

The highest level of the Capability Maturity Model Integration (CMMI), representing advanced software development processes, strong project governance, and continuous improvement in engineering practices.

Trusted R&D Operation Security (TSM)

Trusted R&D Operation Security (TSM)

Certification focused on secure software development practices, covering requirements, design, and development processes to ensure high reliability and strong security control throughout the R&D lifecycle.

Artificial Intelligence Governance

Built on Yonyou’s AI capabilities and governance framework, Tetra supports the implementation of intelligent ERP solutions—helping businesses improve efficiency while maintaining control, transparency, and responsible use of AI

ISO/IEC 42001 — AI Management System

ISO/IEC 42001 — AI Management System

ISO/IEC 42001 is the first international standard for artificial intelligence management systems, providing a structured framework to govern AI across its full lifecycle—from development and deployment to operation and monitoring.

The standard addresses not only technical implementation, but also key areas such as risk management, organizational oversight, and ethical use of AI. It helps enterprises establish clear controls for how AI systems are designed, deployed, and managed in real-world business environments.

Certification under ISO/IEC 42001 demonstrates that Yonyou’s AI capabilities are supported by a robust governance framework—ensuring that AI is applied in a controlled, transparent, and responsible manner.

Service & Operational Security

Built on Yonyou’s established service capabilities and operational standards, Tetra supports the delivery of ERP solutions with reliable performance, structured service processes, and strong operational resilience

CCRC — Information Security Service Qualification

CCRC — Information Security Service Qualification

Certification assessing the capabilities of organizations in delivering information security services, including system integration, secure development, and operational maintenance.

CS — Information System Construction & Service Capability

CS — Information System Construction & Service Capability

Evaluation framework assessing the ability of organizations to design, build, and manage information systems in accordance with industry standards.

ITSS — Information Technology Service Standard

ITSS — Information Technology Service Standard

A comprehensive framework for standardizing IT service delivery, ensuring reliability, consistency, and quality in IT operations.

ISO 22301 — Business Continuity Management

ISO 22301 — Business Continuity Management

International standard for business continuity, helping organizations prepare for disruptions and maintain critical operations under unexpected conditions.

Product Security & Reliability

Built on Yonyou’s secure and reliable product architecture, Tetra supports the delivery of ERP solutions designed with strong security controls and dependable system performance

EAL3+ (Common Criteria Certification)

EAL3+ (Common Criteria Certification)

Security certification indicating that the system has been independently evaluated and tested against defined security requirements, ensuring a strong level of product security assurance.

Cybersecurity Classified Protection — Level 3

Cybersecurity Classified Protection — Level 3

A national security standard requiring rigorous protection measures across multiple areas of system security and management, ensuring robust defense against cybersecurity risks.

Trusted Cloud Service Certification

Trusted Cloud Service Certification

Assessment focused on evaluating the security and reliability of cloud services from a user perspective, ensuring strong technical safeguards and operational integrity.

Trusted Cloud Security Framework

Trusted Cloud Security Framework

A comprehensive security framework covering the full lifecycle of application services, incorporating best practices such as secure development and DevSecOps to ensure consistent and reliable system security.

Unlock Your Business Potential Today!

We provide bespoke ERP and CRM consultancy for SMEs across all sectors in Hong Kong.

Talk to Tetra