Last Updated: 25/May/2018
- Information security that applies to the design and actual condition of cloud services
WingArc1st provides stable and safe services to customers by streamlining development guidelines in-house, and carrying out development along those guidelines.
- Risks from authorized insiders
WingArc1st’s policy states that the production environment cannot be accessed without a valid reason.
- Segregation of multi-tenancy and cloud service customers (including virtualization)
WingArc1st’s cloud services provide multi-tenant services and logically separates the IT resources of each company.
- Access to assets of cloud service customers by cloud service providers’ personnel
Generally, WingArc1st personnel do not directly access customer data on the cloud. If necessary, personnel must obtain prior approval from cloud users.
- Access control procedures (e.g. strict authentication for administrative access to cloud services)
Access control procedures to the production environment are protected by multi-factor authentication.
- Notifications to cloud service customers about change management
WingArc1st will send notifications by email and via the support site at 2 weeks and 1 week prior to change management and on the day. Notification will also be sent once the change is done.
- Virtualization Security
WingArc1st’s cloud service prevents information security damage using the PDCA cycle of the ISMS.
- Access and protection of cloud service customer data
- Information from customers is managed on Amazon Web Services (referred to as AWS below).
- WingArc1st monitors the latest trends and adopts highly evaluated technology for its encryption.
Customer data is protected by encryption and hashing.
Local user’s passwords are hashed.
The password of external connection, the User ID of Named User, data cache and temporary file are encrypted.
- WingArc1st’s cloud service security is protected from hacking by AWS functions that prevent unauthorized access.
- Life cycle processing of cloud service customer accounts
Customers can change, add or delete their own accounts. Please refer to the online manual in the link below.
Information sharing policy to support notifications of violations, investigations and forensics
Investigations are conducted by downloading log information or by request to WingArc1st (business operator).