INFORMATION SECURITY POLICY
Version Number:v1.1 Date of update: 13 May, 2024
- Purpose
Considering information security served as the basis for maintaining the secure operation of services, to ensure security of the employees, information, information systems, equipment and network of CLOUD MILE INC. (the “Company”), this Information Security Policy (the “Policy”) is set forth to govern the Information Security Management System (the “ISMS”) of the Company. This Policy shall apply to the Company’s branch company, subsidiary, including but not limited to Cloud Mile Inc., Taiwan Branch and Cloud Mile Ltd.
- Objectives
The information security objectives of the Company will be ensuring important information and services as to Confidentiality, Integrity, Availability and Compliance. The Company will define and measure the information security key performance indicators in accordance with the levels and functions for confirmation of the implementation of the ISMS and the accomplishment of the information security objectives.
- Applicable Scope of this Information Security Policy
Considering the internal and external issues of the Company, needs and expectations of interested parties and the interfaces and dependencies regarding the Company’s and other organizations’ activities, this Policy shall apply to plan, establishment, operation, managed service of MSP(Managed Service Provider) Service, and development of MileLync and its operating environment.
- Personnel and Responsibilities
All internal personnel, service providers, visitors, etc., within the scope of the Policy, shall adhere to the Policy and all ISMS procedures.
Any actions that jeopardize information security will be subject to legal and administrative responsibilities according to the severity of the situation or disciplinary actions as per the relevant regulations of this company.
- Coverage
Information security roles and responsibilities and management review procedure.
Management of documents and records.
The information security objectives and performance evaluation.
Risk management.
Internal audit of information security.
Continuous improvement.
Human resources security management.
Asset management.
Access control management.
Physical and environmental security.
Operations security and cryptography.
Communication security management
Management of system acquisition, development and maintenance.
Supplier relationships management.
Information security incident management.
Business continuity management
Compliance management
- Organization and Responsibilities
To ensure the effective operation of the ISMS, the Company shall establish the organization and responsibilities of information security for promoting and maintaining the progress of management, implementation and check.
- Enforcement Principles
The ISMS shall be implemented in the Plan, Do, Check and Act processing model, and in a repeated and iterative approach, to ensure the effectiveness of ISMS and the process needed and their interactions.
When the organization determines the need for changes to the ISMS, the changes shall be carried out in a planned manner.
- Review and Evaluation
This Policy shall be under review and evaluation upon major changes or at least once a year in order to reflect the latest development of related regulations and laws, technologies, business and relevant departments in order to ensure the effectiveness of information security practices.
This Policy will be modified in accordance with the evaluation results and shall be effective upon being signed and posted by the representative of the Company.
- Communication
The Company will make the notice to the interested parties, such as clients, business partners, employees and suppliers, through website announcements, emails, communication software, document management systems, meetings, or other means of communication or dissemination, upon establishment or modification of the ISMS documents (including the Policy).