The information security policy of eCloudvalley is summarized as follows.
To ensure the information security, integrity, and usability eCloudvalley Digital Technology Co. Ltd. (hereinafter called eCloudvalley), this policy is drafted in accordance with relevant laws and regulations to prevent any threat from the staff, other parties, or accidents, and according to eCloudvalley’s business requirements.
- Scope of Application
2.1 This policy is applicable to eCloudvalley’s entire staff, contractors, part-time employees, and visitors.
2.2 According to the spirit and purport of continuous improvement as seen in ISO27001, CN27001, and ISO27017, a “Plan, Support, Do, Check, Action” cycle and related management system were constructed.
2.3 The information security management scope and the cloud service information security management policy prevent eCloudvalley from potential risks and damages that may arise from the misusage, leaking, tampering, and damaging of information caused by negligence, malicious intentions, or natural disasters.
To ensure the confidentiality, integrity, and usability of eCloudvalley’s information asset and the privacy and security of user information, the entire staff of eCloudvalley strive together to achieve the target of sustainable operation and to meet the demands of related laws and regulations.
eCloudValley established an information security team to be in charge of events related to information security and to ensure that its management system is in accordance with ISO27100 and ISO27017. With the active participation and support of the management team, the security team aims to meet related standards and procedural regulations and to provide eCloudvalley’s information security officials with a performance report.
- Management Indicators
eCloudvalley established an “Information Security Plan” to evaluate whether eCloudvalley meets the information security management targets. Furthermore, related information security management indicators were established. eCloudValley also regularly reviews the responsibilities of its staff and personnel, provides training on information security, monitors computer and internet infrastructure security, and formulates information security loophole report system.
This policy is evaluated at least once a year to timely reflect government regulation updates and technology development, and to ensure the sustainable operation of eCloudvalley.
The policy is implemented upon the approval of administrative managers, and its revision goes through the same process.