Our Security Standards
- oTMS strictly adheres to various international standards such as ISO27001 and implements information security governance and control of the SaaS system and data security management. In addition, oTMS obtained ISO27001:2013 certification in June 2017.
- The oTMS SaaS network is located in an IDC managed and operated by an international IDC provider. The IDC is competently managed and has strict controls in place.
- The oTMS network is equipped with a strong firewall to prevent illegal access.
- All data is encrypted when being sent and received through the internet.
- The database zone, application zone, and web zone are managed separately.
- All cloud data locally contained in China is stored in mainland China and is never transferred outside of China.
- Sensitive data stored in the oTMS database is secured using 256-bit encryption.
- The database zones, application zones, and web zones are all contained separately.
- Database backup policies are in place to ensure that no more than 2 hours of data loss may occur annually.
- A disaster recovery protocol is in place which includes off-site storage locations for all data. In the event of a disaster, core applications can be recovered within as little as 4 hours.
- The oTMS SaaS is located in an IDC which is effectively managed by an international IDC service provider.
- The IDC features physical controls which strictly adhere to international control standards.
- The SaaS is operated on a 24/7 basis to ensure that critical incidents can be tracked and resolved in a timely manner.
- The system features continuous daily operation logging, reviewing, and verification to ensure that system administrators conduct operations in accordance with standard procedures.
- All customer accounts feature a 2-stage authentication process.
- Password complexity is strictly defined, and passwords must be composed of at least 3 different types of character sets.
- System administrator accounts are reviewed on a regular basis to ensure that only authorized individuals have the ability to perform specified operations.
- Remote access is provided through an encrypted tunnel.
- The system is regularly scanned for vulnerabilities, and any detected vulnerability is immediately rectified.