Data Security

Main Features

• Acquisition of ISO27001 International Certification

  • ISO 27001 Certification is the internationally recognized certification system that mandates 114 security standards by an international board of members in the field of information security.
  • ECOUNT has obtained the ISO 27001 certification to enhance internal security system and improve client credibility.
  • ECOUNT observes and conducts the following tasks to meet the ISO 27001 requirements, and yearly renewed of its certification.
    • 1. Yearly regular audit from external security-specialized auditors
      
      • ECOUNT is regularly audited by external auditors specialized in security, to examine each team's work process.
      • Through simulating hacking, we identify weaknesses in our security and update system to prevent hacking attacks.
      • Servers and database are inspected to figure out things to improve and enhance system security.
    • 2. Encrypt important data
      
      • Any data that you input in ECOUNT ERP is securely transmitted to servers and database through encrypted transmission.
      • Important personal information such as account number and card number is encrypted using an algorithm and stored on the server.
      • Keys for encryption are securely stored at a thoroughly controlled environment, with a least access only from authorized people.
    • 3. Restrict access to database
      
      • Only the least number of staffs required for service operation are authorized of access to database.
      • Any access to servers and database is recorded with audit trail, and reviewed regularly and tracked.
      • Abnormal access attempts are monitored in real-time and immediately blocked to properly respond to security threats.
    • 4. Internal network security
      
      • We separate networks for business use from the ones accessible to servers and encrypt servers to essentially block data leakage.
      • Each network is protected by firewalls and malicious site filtering to control access and avoid infection from malicious codes.
    • 5. Backup to secure data
      
      • Any data you input is backed up daily and monitored of security.
      • Also, data are scattered to multiple databases and saved to avoid data loss in emergencies.
    • 6. Build and keep internal security policies
      
      • ECOUNT's security department is fully dedicated to information security and thoroughly examines internal data security.
      • Through a regular internal audit, we check whether our security policies are properly kept.
      • Reviews updates on Information Security Laws (Privacy Law, Information Network Law) and reflect them on internal security policies.
    • 7. Regular security checks and information security training for all employees
      
      • We monthly check security requirements, like Clean Desk check and whether files including private information are deleted.
      • We restrict using USB for business computers, and block access to external file server or P2P site.
      • All employees are trained for information security every year to enhance awareness for security.

• Servers Stored in Amazon Web Services(AWS)

  • All ECOUNT servers are securely managed in Amazon Web Services(AWS), the world's leading cloud provider.
  • Threats to service like DDoS attack and network attacks are blocked, to protect data from hacking and external threats.
  • Our team specialized in security monitors servers and database to respond to security threats in real-time.

• Customize Your Account Security Level

  • Set ERP access restricted hours by user.
  • Block access for a particular IP, or block access to ERP at all for certain hours.
  • Set password change cycle to keep individual account security level.
  • Administrators can view login history by user, and restrict login from unauthorized locations (e.g. forced logout).

ISO 27001