Security Guarantee

Architecture Security

Our Security Standards

  • oTMS strictly adheres to various international standards such as ISO27001 and implements information security governance and control of the SaaS system and data security management. In addition, oTMS obtained ISO27001:2013 certification in June 2017.

Network Security

  • The oTMS SaaS network is located in an IDC managed and operated by an international IDC provider. The IDC is competently managed and has strict controls in place.
  • The oTMS network is equipped with a strong firewall to prevent illegal access.
  • All data is encrypted when being sent and received through the internet.
  • The database zone, application zone, and web zone are managed separately.

Data Security

  • All cloud data locally contained in China is stored in mainland China and is never transferred outside of China.
  • Sensitive data stored in the oTMS database is secured using 256-bit encryption.
  • The database zones, application zones, and web zones are all separately contained.
  • Database backup policies are in place to ensure that no more than 2 hours of data loss may occur annually.

Disaster Recovery

  • A disaster recovery protocol is in place which includes off-site storage locations for all data. In the event of a disaster, core applications can be recovered within as little as 4 hours.

Physical Security

  • The oTMS SaaS is located in an IDC which is effectively managed by an international IDC service provider.
  • The IDC features physical controls which strictly adhere to international control standards.

Application Security

Operations

  • The SaaS is operated on a 24/7 basis to ensure that critical incidents can be tracked and resolved in a timely manner.
  • The system features continuous daily operation logging, reviewing, and verification to ensure that system administrators conduct operations in accordance with standard procedures.

Access Controls

  • All customer accounts feature a 2-stage authentication process.
  • Password complexity is strictly defined, and passwords must be composed of at least 3 different types of character sets.
  • System administrator accounts are reviewed on a regular basis to ensure that only authorized individuals have the ability to perform specified operations.
  • Remote access is available through an encrypted tunnel.

Vulnerability Management

  • The system is regularly scanned for vulnerabilities, and any detected vulnerability is immediately rectified.