Security Guarantee

Architecture Security

Our Security Standards

  • oTMS strictly adheres to various international standards such as ISO27001 and implements information security governance and control of the SaaS system and data security management. In addition, oTMS obtained ISO27001:2013 certification in June 2017.

Network Security

  • The oTMS SaaS newtork is hosted on AliCloud managed by Ali security service and has strict controls in place.
  • The oTMS network is equipped a strong firewall to prevent illegal access.
  • All data is encrypted when being sent and received through the internet.
  • The database zone, application zone, and web zone are managed separately.

Data Security

  • All cloud data locally contained in China is stored in mainland China and is never transferred outside of China.
  • Sensitive files are well secured on Ali Cloud OSS service using 256-bit encryption.
  • Database zones, application zones, and web zone are all separated contained.
  • Database backup policies are in place to ensure that no more than 2 hours of data loss may occur annually.

Disaster Recovery

  • A disaster recovery protocol is in place which includes off-site storage locations for all data. In the event of a disaster, core applications can be recovered within as little as 4 hours.

Physical Security

  • The oTMS SaaS is hosted on Ali Cloud which provides securely managed and operated infrastructure.
  • Ali Cloud adheres to domestic and international information security standards, as well as industry requirements.

Application Security

Operations

  • The SaaS is operated on a 24/7 basis to ensure that critical incidents can be tracked and resolved in a timely manner.
  • The system features continuous daily operation logging, reviewing, and verification to ensure that system administrators conduct operations in accordance with standard procedures.

Access Controls

  • All customer accounts feature a 2-stage authentication process.
  • Password complexity is strictly defined, and passwords must be comprised of at least 3 different types of character sets.
  • System administrator accounts are reviewed on a regular basis to ensure that only authorized individuals have the ability to perform specified operations.
  • Remote access is accessible through an encrypted tunnel.

Vulnerability Management

  • The system is regularly scanned for vulnerabilities, and any detected vulnerability is immediately rectified.
50元提现的现金棋牌 13295期排列5开奖结果 广东好彩1怎么玩 江苏7位数体彩开奖时间 黑马计划软件破解版 王中王料精选资料大全 股市宏观分析 海南4十1彩票开奖结果 北京pk10全天计划软件 安徽十一选五软件下载 11选5傻瓜打法 青海快三开预测 福建体育彩票22选5开奖 贵州11选五最大遗漏 江苏十一选五预测一定牛 重庆幸运农场合法吗 上海快三走势图今天10