Security Protection

The firm is committed to designing and maintaining an appropriate, robust program of information security to secure data, systems and services. Current highlights of our information security program include:

Next-Generation Firewall

We keep our Firewall up-to-date with the latest technology with additional protection from accredited providers to ensure every connection is fast and secure.

Change management processes

We have internal control over the change process to ensure that our systems are changed or updated according to business plan and with highest standard of security.

Disaster recovery and business continuity testing;

We do have the Disaster Recovery plan which is aligned with our Corporate Business Continuity plan. We also perform annual Disaster Recovery testing on an annually basis to ensure that all agreed processes are applicable to real-life situation.

Internal and external security audits

At the Corporate and department level, we do perform regular audit exercise with accredited external firm to help monitor our internal process. We do also have a team of internal audit in the corporate where security is one of the main focusses.

Vulnerability assessments

On all of the system deployed in Corporate, we run vulnerability assessment before they are launched to users. The tests are also performed on regular basis even to ensure that the up-to-date protections are in place.

Role-based access controls

All of the users can only access to the system and data that they are responsible or assigned to.

Secured data in-transit

Data are always at our top priority. We deploy encrypted channel to transfer our data to ensure the highest data in-transit security

Patch management

We always stay up-to-date with our patch management on all of the system and server deployed in our organization to ensure that our security standard are fully protected

Awareness training on regular basis

Awareness training is one of our top priorities in mandatory training to our employees. All the new joiners are trained in an instructor-led course. Also, we do run the awareness training in our e-learning platform to ensure that everyone in the corporate has the right and up-to-date knowledge on the topic.