Security Policy
ECOUNT acquired the International Security Certification ISO27001.
All servers are stored in Amazon Web Service (AWS), the world's leading cloud provider.
ISO27001
- ISO27001 is an international standard for data security established by ISO(International Organazation for
Standardization) that inspects the company's security ability based on the 114 standards.
ECOUNT is obtaining and renewing the security certification through the following security system.
1. Internal and external security audit
- We examine the internal security work process through external security-specialized auditors every year.
- Diagnose system's vulnerabilities by simulating hacking and improve the system.
- Appoint an information protection manager internally to establish and operate the management plan.
2. Institutionalize security inspections and security training for employees
- Security checkups are enforced in a daily, monthly basis to inspect employees' PC for saved customer's information, security seal, unauthorized programs installed, etc.
- All employees sign a security pledge before being put in to work and complete information protection training every year.
- Each employees are applied with different security levels and unauthorized personnel's access to information is blocked.
- Human security management is implemented by retrieving the information access of an employee who is transferring to other departments.
- Prevent data leakage caused by malicious code by monitoring the anti-virus program on employees' PC.
3. Encrypt customer information
- Use encrypted communication when sending the data, that the customer entered in ECOUNT, to the system.
- Important personal information like personal identification number, bank account number, credit card number, etc. are encrypted using algorithms before saving in the server.
- The key used to encrypt is stored separately in an unreachable place to block information leak.
4. Systematic management of information assets and system
- ECOUNT manages customers' information assets by monitoring the system operation status real-time.
- We manage the company's information assets effectively by classifying according to the importance and applying different levels.
- We have a system to manage potential risks such as information infringement, service failure, etc.
- When risk is found on the information asset during inspection, we strengthen the stability by improving the system.
5. Control access to information
- ECOUNT records and manages all access to information.
- Abnormal accesses are blocked by security experts who monitor information breaches real-time.
- Access control system and CCTV is installed in the offices and server room to prevent illegal intrusion by outsiders.
- We minimize and manage the IP that can access data with security systems like the firewall.
6. Data backup and system upgrade
- We regularly back up customers' data to prevent it from being lost on accidents or mistakes.
- Data recovery plan is established and recovery simulation training is held to prepare for any emergency situations.
- Monthly system inspection is performed and security patches are applied when vulnerability is found.
- System modification like program upgrade is carried out safely by going through thorough analysis by experts.
7. Establishment of recovery system from calamities
- ECOUNT is building a recovery system from calamities to ensure service continuity in the event of disaster.
- Recovery from calamity training is conducted to validate the data recovery plans.
Servers saved in the Amazon
Web Service(AWS)
- ECOUNT is keeping the server in the AWS which is
known for its world's highest security level. - The server is safe from hacking like DDoS attacks
because it is under AWS's server security system. - ECOUNT's security experts monitor the server and data
in real-time to block risk factors.
Users can set up their
own security
- User can allow or block specific IP logins.
- Login restricted time can be set for each ID.
- Strengthen verification steps by adding 2-step
verification upon logging in. - Password complexity, password changing
cycle can be adjusted which makes it more
convenient to manage each ID.