1. Objective
To ensure the information security, integrity, and usability eCloudvalley Digital Technology Co. Ltd. (hereinafter called eCloudvalley), this policy is drafted in accordance with relevant laws and regulations to prevent any threat from the staff, other parties, or accidents, and according to eCloudvalley’s business requirements.
2. Scope of Application
2.1 This policy is applicable to eCloudvalley’s entire staff, contractors, part-time employees, and visitors.
2.2 According to the spirit and purport of continuous improvement as seen in ISO27001 and ISO27017, a “Plan, Support, Do, Check, Action” cycle and related management system were constructed.
2.3 The information security management scope and the cloud service information security management policy prevent eCloudvalley from potential risks and damages that may arise from the misusage, leaking, tampering, and damaging of information caused by negligence, malicious intentions, or natural disasters.
3. Targets
To ensure the confidentiality, integrity, and usability of eCloudvalley’s information asset and the privacy and security of user information, the entire staff of eCloudvalley strive together to achieve the target of sustainable operation and to meet the demands of related laws and regulations.
4. Responsibilities
eCloudValley established an information security team to be in charge of events related to information security and to ensure that its management system is in accordance with ISO27001 and ISO27017. With the active participation and support of the management team, the security team aims to meet related standards and procedural regulations and to provide eCloudvalley’s information security officials with a performance report.
5. Management Indicators
eCloudvalley established an “Information Security Plan” to evaluate whether eCloudvalley meets the information security management targets. Furthermore, related information security management indicators were established. eCloudValley also regularly reviews the responsibilities of its staff and personnel, provides training on information security, monitors computer and internet infrastructure security, and formulates information security loophole report system.
6. Audit
This policy is evaluated at least once a year to timely reflect government regulation updates and technology development, and to ensure the sustainable operation of eCloudvalley.
7. Implementation
The policy is implemented upon the approval of administrative managers, and its revision goes through the same process.