I. Physical security
1. Top performance cloud service:
+ Emsa Technology hosts their servers on Google Cloud Platform. They used it as an trusted, secure and high-performance infrastructures to store their data.
+ All accesses to cloud server are prohibited and only authorized to responsible Emsa-Technology staffs. Any actions on cloud server will be recorded and reviewed regularly to maintain security.
Why Emsa Technology prefer Google cloud:
+ Future-Proof Infrastructure
+ Powerful Data & Analytics
+ Serverless, Fully Managed Computing
+ Data Center Innovation
+ Security at Scale
+ Read more at: https://cloud.google.com/why-google
2. Continuous data backup
+ Emsa Technology maintains and backups their server weekly with the highest caution that ensure everything is kept and stored in case of loss or system failure.
+ All backup tasks are executed automatically and quietly using another backup machine.
3. Data transfer:
+ Each customer data is stored separated with the others. That means we can easily backup and restore for each customer need in case they need to revert or restore to a specific time.
+ Emsa Technology will help customer to transfer those data to other locations, or keep it in customer’s local machines based on customer needs.
II. Application security
1. User Authentication:
+ Each user will have a unique account across all products (IoT, Project Management (PPMS), Fleet Management, etc) with a list of access rights of registered products.
+ Password is stored with a strong hashing algorithm with a unique cryptography that made any attempts to decrypt is impossible.
+ User cannot logged in without verification email; also applied with to accounts that have been deleted, blocked by administrators.
+ Emsa Technology support teams will help you with almost every issues, problems with your account. When support teams need to track down the problem by logging in to customer’s account, they will need to request a system-generated token that provided by customers. When the support is done, customers can change their system-generated token to a different one.
+ Customers never give username and password to support teams in any cases, if they do request it, please report it in Emergency Support.
+ In each product, product administrator (Super administrator) accounts can manage, control and grant access rights to each user of that product.
2. User Activities Tracking:
+ Product administrator (Super administrator) can track down all user requests (HTTPS) to the server.
+ Any changes, modification of a specific product will be notified to product administrators.
3. Data Encryption:
+ Emsa Technology uses Secure Sockets Layer (SSL) to protect the connection between user and cloud server. Any transmitted data will be encrypted using Symmetric-key algorithm and 2048-bit server key length with most modern browsers supported.
+ All accesses to Emsa Technology websites will be protected with both server authentication and data encryption. This will keep user’s password, cookies and sensitive data from hacking and eavesdropping activities.
III. Organizational Security:
1. Staff Authorization:
+ Only authorized Emsa Technology staffs can access to cloud server with only maintenance and security purpose. They must learn and follow a strict security policies before accessing to cloud server. Also, they must sign confidentiality agreement to prevent any disclosures.
+ Any accesses to customer data must be followed by procedures. Emsa Technology will contact to the customer and give a fully explanation why they wanted to access those information. Otherwise, without customer’s permission, none of Emsa-Technology staffs can access to it.
1. Non-Disclosure Agreements (NDA):
+ Keep the customer data safe and avoid leaking sensitive information from the inside, Emsa Technology force all staffs to sign Non-Disclosure Agreements (NDA) to create a confidential relationship between customers and Emsa Technology staffs. If any legal accesses to customer data was made, they must keep it secret and limit its use in internal.
+ Prevent any harmful actions from staffs such as use, publish, transfer, copy, sell to any person or other companies; even keep it for themselves.
+ Prevent staffs from stealing ideas from customer data to make their own profit during the employment.
+ Provide a better understanding about data storage policy, which is confidential information (private and protected) and public information (legit to access by the others and Emsa Technology).
IV: Data Privacy and Sharing:
+ All customer data is strictly protected and can only be seen and used by customer. Even Emsa Technology staffs are prohibited from accessing customer data except customer permission with reasonable purposes.
+ All actions that violated, spreading or unauthorized access to customer data will considered as a crime and will be penalized by a local government with appropriately laws.
V: Security Support Center:
+ Feel free to contact our support staffs at Contact Us to verify and help you to understand more about our security.
+ For more and deeper security layer, contact our security team at: Emergency Support.
