Technology and Security

技術與安全

IndexTechnology
Technology and Security Assurance
We adhere to highly professional corporate governance principles and are committed to building a secure and robust information and cloud service environment. From architecture design and operational management to continuous monitoring, our entire system follows international information security standards and implements financial-grade protection levels to ensure high consistency in service quality, operational stability, and data security.
IBM Technology

Cloud Infrastructure (IBM SoftLayer / IBM Cloud)

Our core system is deployed on IBM SoftLayer (IBM Cloud Infrastructure). This cloud platform features global high availability, rigorous information security governance, and comprehensive compliance management. The underlying environment for system operations complies with multiple international information security and quality management standards, including:

ISO/IEC 27001 – Information Security Management

ISO/IEC 27017 – Cloud Service Security Controls

ISO/IEC 27018 – PII Protection in Public Clouds

ISO 9001 – Quality Management System

ISO 27701 – Privacy Information Management (PIMS)

ISO 31000 – Risk Management Guidelines

In addition, the IBM Office of the CISO continuously provides security strategies, policies, and control mechanisms to strengthen the overall compliance and security resilience of the system.

Database Architecture and PII Protection

To ensure high security during the processing of personal and operational data, we adopt data layering and permission isolation architectures commonly used by financial institutions, implemented with strict control principles:

Independent separation management of member personal databases

Layered isolation design for system data and service data

Only authorized system modules can access PII

Adherence to the Principle of Least Privilege

These measures effectively reduce data interaction risks and enhance the security and compliance of information processing workflows.

Secure Transmission and Network Protection

Enterprise-grade SSL Certificates

All data transmission uses TLS/SSL encryption protocols to ensure data in transit is protected from detection, tampering, and interception, maintaining the integrity and confidentiality of information exchange.

Cloudflare Cloud Protection

Our services (including the Booking System and Hourly Booking System) use Cloudflare security layers for traffic pre-filtering and possess the following network security capabilities:

  • Global DDoS Attack Mitigation
  • Malicious Traffic Identification and Blocking
  • WAF (Web Application Firewall) Application Layer Protection

This protection mechanism ensures that only legitimate and trusted traffic can enter the host environment.

Contact Us
Security Photo 03

Host-side Security Measures

Our host environment is planned and managed according to enterprise-grade information security standards and configured with the following mechanisms:

  • Real-time Antivirus and Endpoint Security Monitoring
  • IPaaS Threat Forensics Service to detect and block suspicious behavior
  • Regular Vulnerability Scanning and Patching
  • Continuous Updates and Version Control

These measures ensure Business Continuity and System Resilience.

Multi-layer Security Architecture

We adopt a multi-layer information security governance architecture, covering:

  • Cloud Infrastructure Security (IBM)
  • Application Layer Security (WAF / Cloudflare)
  • Database Layering and Permission Isolation Mechanisms
  • Identity Verification and Role-Based Access Control (RBAC)
  • Real-time Threat Detection and Forensics (IPaaS)
  • Endpoint Protection (Antivirus / System Updates)

Through this multi-layer protection architecture, we ensure that all services operate in a highly controlled and compliant environment, providing customers with secure, stable, and trustworthy service quality.