Skip to content
English
Go to ishosting.com
  • There are no suggestions because the search field is empty.

Security Policy [HK]

1. Purpose

This Security Policy sets out the measures implemented to ensure the security, reliability, and integrity of the Services. We are committed to applying industry-recognized best practices and appropriate safeguards to protect systems, infrastructure, and data, and to mitigate risks related to unauthorized access, misuse, or disruption of the Services.

2. Scope

This Policy applies to all users and customers who interact with the Services, systems, and infrastructure operated by the Company. It covers technical, organizational, and procedural security measures implemented in connection with service provision.

3. Principles of Security

Our security framework is guided by the following core principles:

  • Confidentiality – restricting access to sensitive information to authorized individuals only.
  • Integrity – protecting data and systems from unauthorized modification or destruction.
  • Availability – ensuring that Services and systems remain accessible to authorized users.
  • Accountability – maintaining internal controls and responsibility for security-related actions and decisions.

4. Data Protection and Regulatory Compliance

Security measures are implemented in accordance with applicable data protection and regulatory requirements. These measures are designed to ensure that information processed in connection with the Services is handled lawfully, securely, and proportionately, taking into account the nature of the Services and associated risks.

5. Core Security Measures

5.1 Access Controls

  • Access to systems and infrastructure is restricted using role-based access controls (RBAC).
  • Strong authentication mechanisms, including multi-factor authentication (MFA), may be enforced for access to sensitive systems and administrative functions.

5.2 Encryption

  • Sensitive data transmitted over networks is protected using secure communication protocols such as TLS.
  • Where applicable, data stored within systems may be protected using industry-standard encryption mechanisms.

5.3 Monitoring and Incident Response

  • Systems are monitored to detect abnormal activity, security incidents, or potential vulnerabilities.
  • An incident response process is maintained to assess, contain, and mitigate security incidents in a timely manner.

5.4 Audits and Assessments

  • Security controls may be reviewed periodically through internal assessments, vulnerability testing, or external reviews.
  • Third-party specialists may be engaged where appropriate to evaluate specific security measures.

5.5 Handling Reports of Inappropriate Activities

Prohibited activities are defined in the Acceptable Use Policy (AUP). Measures may be applied to detect, investigate, and prevent activities that violate applicable policies, including the use of internal systems, external tools, and relevant databases.

If a complaint, abuse report, or other indication of a potential violation is received, an internal investigation may be initiated. During such investigations, temporary service restrictions or disruptions may occur.

The Company does not proactively monitor customer content. Reviews are conducted only in response to reports, complaints, or verification of publicly available information.

Upon completion of an internal investigation:

  • Access to the Services may be restored if no violation is identified.
  • If a violation is confirmed, the Company may suspend or terminate the Services, remove infringing content, and permanently restrict account access. Decisions are made at the Company’s discretion and are not subject to appeal.

5.6 Internal Monitoring Systems

  • Automated internal systems may be used to monitor service usage patterns and detect indicators of abuse or policy violations.
  • Such monitoring does not involve accessing customer content and is limited to technical and operational data necessary for security purposes.

5.7 Know Your Customer (KYC) Requirements

In certain circumstances, identity verification may be required as a security and risk-mitigation measure.

Key provisions include:

  1. Purpose: KYC procedures are used to verify customer identity and reduce the risk of fraud, abuse, or unlawful use of the Services.
  2. Third-Party Processing: Identity verification is performed by specialized third-party service providers. The Company does not retain copies of identity documents unless required by applicable law or operational necessity.
  3. Customer Obligation: By using the Services, customers agree to complete identity verification when reasonably requested.
  4. Temporary Restrictions: Certain account features or Services may be limited until verification is completed.
  5. Timeframe: Customers are generally provided up to 24 hours to complete verification. Failure to do so may result in suspension or termination of Services.
  6. Unsuccessful Verification: If verification cannot be completed or fails, the Company may restrict access to the Services.
  7. KYC as an Appeal Prerequisite:

Where a violation of the Terms of Use or applicable policies is identified, completion of KYC verification may be required as a prerequisite for reviewing or reconsidering any enforcement decision. Failure or refusal to complete verification may result in the Company maintaining or extending enforcement measures.

6. Customer Security Responsibilities

  • Customers are expected to contribute to the security of the Services by:
  • Using strong and unique passwords.
  • Enabling multi-factor authentication where available.
  • Maintaining secure and up-to-date systems and software.
  • Promptly reporting suspected security incidents or unauthorized activity.

By using the Services, customers acknowledge and accept the security practices described in this Policy.

7. Transparency and Accountability

The Company seeks to maintain transparency regarding security practices by:

  • Implementing documented internal security controls.
  • Communicating material security-related issues where appropriate.
  • Taking reasonable steps to notify affected users in the event of a significant security incident, where required.

8. Revisions and Updates

This Security Policy may be updated periodically to reflect changes in operational practices, risk assessments, or regulatory requirements. Material changes may be communicated through appropriate channels.

This Policy reflects the Company’s ongoing commitment to maintaining the security and stability of the Services.