ISO27017 Cloud Service Information Security Policy

AGENCIA Corporation has established the following information security policy for cloud services based on the "Information Security Policy".

1. 1.

   Information security requirements for cloud service design and implementation

   Apply customer information security requirements and this policy to design and implement cloud services.

2. 2.

   Risk measures from internal parties

   Control measures are developed and implemented for internal risks identified in the risk assessment.

3. 3.

   Isolating Cloud Computing Environments

   Virtualized multi-tenant environments are used to logically isolate and secure cloud computing environments.

4. 4.

   Employee access to and protection of customer data

   We may access customer accounts in accordance with the General Terms and Conditions to provide cloud services or resolve technical issues, but we will not monitor, edit, or disclose data without prior permission.

5. 5.

   access control procedure

   In addition to password authentication, two-step authentication can be set up to enhance security.

6. 6.

   Notification of changes to customers

   Information regarding changes in cloud service specifications, etc. will be provided through website postings and other means.

7. 7.

   Virtualization Security

   Protects the hypervisor and safeguards against threats across the entire lifecycle of the host infrastructure and virtual machines.

8. 8.

   Customer Account Management

   Customer accounts are managed with viewing privileges in an account management system created in AGENCIA.

9. 9.

   Information Sharing Guidelines

   Information will be shared for breach notification, investigation, and forensic support, and the means of notification and communication will be defined in the General Terms and Conditions.