1. <dd id="gk0tb"><noscript id="gk0tb"></noscript></dd>
      <dd id="gk0tb"><center id="gk0tb"></center></dd>

        <dd id="gk0tb"><track id="gk0tb"></track></dd>

        <dd id="gk0tb"></dd>

        <s id="gk0tb"><object id="gk0tb"><input id="gk0tb"></input></object></s>

        Security Guarantee

        Architecture Security

        Our Security Standards

        • oTMS strictly adheres to various international standards such as ISO27001 and implements information security governance and control of the SaaS system and data security management. In addition, oTMS obtained ISO27001:2013 certification in June 2017.

        Network Security

        • The oTMS SaaS newtork is hosted on AliCloud managed by Ali security service and has strict controls in place.
        • The oTMS network is equipped a strong firewall to prevent illegal access.
        • All data is encrypted when being sent and received through the internet.
        • The database zone, application zone, and web zone are managed separately.

        Data Security

        • All cloud data locally contained in China is stored in mainland China and is never transferred outside of China.
        • Sensitive files are well secured on Ali Cloud OSS service using 256-bit encryption.
        • Database zones, application zones, and web zone are all separated contained.
        • Database backup policies are in place to ensure that no more than 2 hours of data loss may occur annually.

        Disaster Recovery

        • A disaster recovery protocol is in place which includes off-site storage locations for all data. In the event of a disaster, core applications can be recovered within as little as 4 hours.

        Physical Security

        • The oTMS SaaS is hosted on Ali Cloud which provides securely managed and operated infrastructure.
        • Ali Cloud adheres to domestic and international information security standards, as well as industry requirements.

        Application Security

        Operations

        • The SaaS is operated on a 24/7 basis to ensure that critical incidents can be tracked and resolved in a timely manner.
        • The system features continuous daily operation logging, reviewing, and verification to ensure that system administrators conduct operations in accordance with standard procedures.

        Access Controls

        • All customer accounts feature a 2-stage authentication process.
        • Password complexity is strictly defined, and passwords must be comprised of at least 3 different types of character sets.
        • System administrator accounts are reviewed on a regular basis to ensure that only authorized individuals have the ability to perform specified operations.
        • Remote access is accessible through an encrypted tunnel.

        Vulnerability Management

        • The system is regularly scanned for vulnerabilities, and any detected vulnerability is immediately rectified.