WebComm Technology Co., Ltd.

Cloud Security Policy

Ver. 2024-03-11

WebComm Technology Co., Ltd.

Cloud Security Policy

Ver. 2024-03-11

1.Information Security Policy

Establish a flexible system for agile deployment and resource utilization to comprehensively enhance security.

2.Resource Capacity Management and Monitoring

2.1 The Cloud Service Software includes internal maintenance and monitoring systems to oversee the platform’s utilization rate, ensuring sufficient resource availability for clients’ use.

2.2 The Cloud Service Server capacity monitoring system includes an alarm feature. When the monitored capacity reaches a set threshold, the system triggers capacity expansion processes to prevent service disruption due to insufficient available capacity.

2.3 WebComm Technology Co., Ltd. (“WebComm” or “we”) will implement comprehensive monitoring to ensure the continuous operation of the Cloud Service and provide uninterrupted support.

3.Password Management

3.1 The Cloud Service Software employs FIDO authentication technology, utilizing standard public key cryptography techniques and biometric authentication to verify user identity. This process ensures that user passwords are neither collected nor stored, thereby securing the use of the software.

3.2 The Cloud Service Software employs SSL certificates with encryption keys of 2048 bits or greater, utilizing the SHA-256 signature algorithm, and provides a secure transmission channel through TLS 1.2, ensuring the security of data during network transmission.”

4.Backup Function

WebComm utilizes cloud server databases to regularly back up client information with encryption. Backups are stored for a minimum of six months and periodic recovery tests are conducted to ensure the confidentiality, integrity, and availability of the information.

5.Data Deletion Deadline

5.1 This Policy remains effective during the service authorization period, until expiration, termination, or recession.

5.2 Upon termination of the Cloud Service, all client data and backups will be deleted unless otherwise agreed in writing. We will not retain or store any client data.”

6.System Acquisition, Development, and Maintenance

6.1 Requests for changes to the Cloud Service Software must be submitted for approval. WebComm will evaluate such requests according to internal procedures and, if approved, will proceed with program development, testing, and release based on the specified requirements.

6.2 The development of Cloud System Software adheres to security standards, such as OWASP, during design, development, release, and testing phases to mitigate cybersecurity risks.

6.3 WebComm will conduct regular security checks, updates, and patches to ensure the security of the software.

7.Security Incident Reporting

Upon becoming aware of a Security Incident, WebComm will notify relevant stakeholders, including clients, and explain the situation in accordance with the Security Reporting Procedure. Appropriate measures will be taken to address the incident. If clients discover any security issues while using the Cloud Service Software, please contact WebComm’s sales or service contact (support@webcomm.com.tw). WebComm will assist clients in addressing the incident based on the Security Reporting Procedure.

8.Log Retention

8.1 WebComm has established appropriate organizational and technical procedures to protect confidential and sensitive information from misuse, unauthorized access, disclosure, loss, alteration, damage, or destruction.

8.2 Important logs are retained for 30 days, allowing clients to search operation data, such as user activation and login, ensuring secure protection and storage in accordance with the Log Retention Policy.

9.Time Synchronization

WebComm utilizes Google Cloud Platform’s time synchronization technology.

10.Cloud Data Location

The data related to WebComm’s Cloud Service Software is stored in Taiwan and United States.

11.Compliance

WebComm is certified by ISO 27001 and adheres to security standards and regulations, including Personal Data Protection Act. We follow internal procedures and cybersecurity regulations to ensure the security and privacy of client data. This policy shall be governed by and construed in accordance with the laws of Taiwan, R.O.C. Any disputes arising from this policy shall be submitted to the exclusive jurisdiction of the Taipei District Court.

12.Privacy Policy

For provisions regarding privacy, please refer to WebComm ‘s privacy policy available at https://www.webcomm.com.tw/web/tw/privacy/

13.Changes to/ Update of the Policy

WebComm may update or amend this Policy from time to time. The latest version of the Policy will always be posted on this site. We encourage you to review the contents of the latest version carefully. By continuing to use the Cloud Service Software after the latest Policy is published, you agree to be bound by the changes to the Policy.

 

專人協助

由偉康業務人員為您詳細說明偉康的解決方案及相關產業經驗

02-7701-5899

service@webcomm.com.tw