INFORMATION SECURITY POLICY
Version Number：v1.0, Date of update: August 18, 2022
Considering information security served as the basis for maintaining the secure operation of services, to ensure security of the employees, information, information systems, equipment and network of CLOUD MILE INC. (the “Company”), this Information Security Policy (the “Policy”) is set forth to govern the Information Security Management System (the “ISMS”) of the Company. This Policy shall apply to the Company’s branch company, subsidiary, including but not limited to Cloud Mile Inc., Taiwan Branch and Cloud Mile Ltd.
The information security objectives of the Company will be ensuring important information and services as to Confidentiality, Integrity, Availability and Compliance. The Company will define and measure the information security key performance indicators in accordance with the levels and functions for confirmation of the implementation of ISMS and the accomplishment of the information security objectives.
- Applicable Scope of this Information Security Policy
Considering the internal and external issues of the Company, needs and expectations of interested parties and the interfaces and dependencies regarding the Company’s and other organizations’ activities, this Policy shall apply to plan, establishment, operation, managed service of MSP(Managed Service Provider) Service, and development of MileLync and its operating environment.
Information security roles and responsibilities and management review procedure.
Management of documents and records.
The information security objectives and performance evaluation.
Internal audit of information security.
Human resources security management.
Access control management.
Physical and environmental security.
Operations security and cryptography.
Communication security management
Management of system acquisition, development and maintenance.
Supplier relationships management.
Information security incident management.
Business continuity management
- Organization and Responsibilities
To ensure the effective operation of ISMS, the Company shall establish the organization and responsibilities of information security for promoting and maintaining the progress of management, implementation and check.
- Enforcement Principles
The ISMS shall be implemented in the Plan, Do, Check and Act processing model, and in a repeated and iterative approach, to ensure the effectiveness of operation and continuous improvement of ISMS.
- Review and Evaluation
This Policy shall be under review and evaluation upon major changes or at least once a year in order to reflect the latest development of related regulations and laws, technologies, business and relevant department in order to ensure the effectiveness of information security practices.
This Policy will be modified in accordance with the evaluation results and shall be effective upon signed and posted by the representative of the Company.
The Company will make the notice to the interested parties, such as clients, business partners, employees and suppliers, in writing, email, document management system or other ways upon establishment or modification of this Policy.