oTMS strictly adheres to various international standards such as ISO27001 and implements information security governance and control of the SaaS system and data security management. In addition, oTMS obtained ISO27001:2013 certification in June 2017.
Network Security
The oTMS SaaS network is hosted on AliCloud, managed by Ali security service, and has strict controls in place.
The oTMS network is equipped with a strong firewall to prevent illegal access.
All data is encrypted when being sent and received through the internet.
The database zone, application zone, and web zone are managed separately.
Data Security
All cloud data locally contained in China is stored in mainland China and is never transferred outside of China.
Sensitive files are well secured on Ali Cloud OSS service using 256-bit encryption.
Database zones, application zones, and web zones are all separately contained.
Database backup policies are in place to ensure that no more than 2 hours of data loss may occur annually.
Disaster Recovery
A disaster recovery protocol is in place which includes off-site storage locations for all data. In the event of a disaster, core applications can be recovered within as little as 4 hours.
Physical Security
The oTMS SaaS is hosted on Ali Cloud which provides securely managed and operated infrastructure.
Ali Cloud adheres to domestic and international information security standards, as well as industry requirements.
Application Security
Operations
The SaaS is operated on a 24/7 basis to ensure that critical incidents can be tracked and resolved in a timely manner.
The system features continuous daily operation logging, reviewing, and verification to ensure that system administrators conduct operations in accordance with standard procedures.
Access Controls
All customer accounts feature a 2-stage authentication process.
Password complexity is strictly defined, and passwords must be comprised of at least 3 different types of character sets.
System administrator accounts are reviewed on a regular basis to ensure that only authorized individuals have the ability to perform specified operations.
Remote access is available through an encrypted tunnel.
Vulnerability Management
The system is regularly scanned for vulnerabilities, and any detected vulnerability is immediately rectified.