The firm is committed to designing and maintaining an appropriate, robust program of information security to secure data, systems and services. Current highlights of our information security program include:
We keep our Firewall up-to-date with the latest technology with additional protection from accredited providers to ensure every connection is fast and secure.
We have internal control over the change process to ensure that our systems are changed or updated according to business plan and with highest standard of security.
We do have the Disaster Recovery plan which is aligned with our Corporate Business Continuity plan. We also perform annual Disaster Recovery testing on an annually basis to ensure that all agreed processes are applicable to real-life situation.
At the Corporate and department level, we do perform regular audit exercise with accredited external firm to help monitor our internal process. We do also have a team of internal audit in the corporate where security is one of the main focusses.
On all of the system deployed in Corporate, we run vulnerability assessment before they are launched to users. The tests are also performed on regular basis even to ensure that the up-to-date protections are in place.
All of the users can only access to the system and data that they are responsible or assigned to.
Data are always at our top priority. We deploy encrypted channel to transfer our data to ensure the highest data in-transit security
We always stay up-to-date with our patch management on all of the system and server deployed in our organization to ensure that our security standard are fully protected
Awareness training is one of our top priorities in mandatory training to our employees. All the new joiners are trained in an instructor-led course. Also, we do run the awareness training in our e-learning platform to ensure that everyone in the corporate has the right and up-to-date knowledge on the topic.