INFORMATION SECURITY POLICY
Version Number:v1.0, Date of update: August 18, 2022

  1. Purpose

    Considering information security served as the basis for maintaining the secure operation of services, to ensure security of the employees, information, information systems, equipment and network of CLOUD MILE INC. (the “Company”), this Information Security Policy (the “Policy”) is set forth to govern the Information Security Management System (the “ISMS”) of the Company. This Policy shall apply to the Company’s branch company, subsidiary, including but not limited to Cloud Mile Inc., Taiwan Branch and Cloud Mile Ltd.

  2. Objectives

    The information security objectives of the Company will be ensuring important information and services as to Confidentiality, Integrity, Availability and Compliance. The Company will define and measure the information security key performance indicators in accordance with the levels and functions for confirmation of the implementation of ISMS and the accomplishment of the information security objectives.

  3. Applicable Scope of this Information Security Policy

    Considering the internal and external issues of the Company, needs and expectations of interested parties and the interfaces and dependencies regarding the Company’s and other organizations’ activities, this Policy shall apply to plan, establishment, operation, managed service of MSP(Managed Service Provider) Service, and development of MileLync and its operating environment.

  4. Coverage
    • Information security roles and responsibilities and management review procedure.

    • Management of documents and records.

    • The information security objectives and performance evaluation.

    • Risk management.

    • Internal audit of information security.

    • Continuous improvement.

    • Human resources security management.

    • Asset management.

    • Access control management.

    • Physical and environmental security.

    • Operations security and cryptography.

    • Communication security management

    • Management of system acquisition, development and maintenance.

    • Supplier relationships management.

    • Information security incident management.

    • Business continuity management

    • Compliance management

  5. Organization and Responsibilities

    To ensure the effective operation of ISMS, the Company shall establish the organization and responsibilities of information security for promoting and maintaining the progress of management, implementation and check.

  6. Enforcement Principles

    The ISMS shall be implemented in the Plan, Do, Check and Act processing model, and in a repeated and iterative approach, to ensure the effectiveness of operation and continuous improvement of ISMS.

  7. Review and Evaluation
    • This Policy shall be under review and evaluation upon major changes or at least once a year in order to reflect the latest development of related regulations and laws, technologies, business and relevant department in order to ensure the effectiveness of information security practices.

    • This Policy will be modified in accordance with the evaluation results and shall be effective upon signed and posted by the representative of the Company.

    • The Company will make the notice to the interested parties, such as clients, business partners, employees and suppliers, in writing, email, document management system or other ways upon establishment or modification of this Policy.