Security

Data Wow takes data security very seriously, we are certified with ISO27001:2003 for our information security including but not limited to our physical security, development security, and infrastructure security.

Development and Operations

All of our employees must be passed a background check and certified in information security awareness. Our technical staff and developers both web development and AI development are required to have extended knowledge of information security and secured system design. Our business processes are controlled with policy that takes security into consideration.

Our information assets are logged and secured following company policy to ensure our customers that data is secured and accounted for. We also regularly audit our information assets.

Standard Practice of System Development:

  • Follow OWASP framework (API Top 10, Web Top 10)
  • Developers are regularly train and learn about common vulnerabilities and threats
  • Code review for integrity and security
  • Regularly update our dependencies and make sure none of them has known vulnerabilities
  • Using Dynamic Application Security Test (DAST) and Static Application Security Test (SAST) to scan for vulnerabilities
  • Some projects that have extended risk are subject to 3rd parties penetration tests.

Data Wow is able to design our process to match with customer’s compliance requirements and can provide higher security levels as requested for a custom project of AI and Web Development. You can consult our sales team for additional information.


Employee Access

Our policy prevents unauthorized employees or system administrators from gaining access to personal user data without a legitimate reason. Limited exceptions may be made for customer support requests. Our company also implemented a need to know basis system where only relevant employees can access project information. All of our employees are signed a Non-Disclosure Agreement when joining the company to protect our customers’ information.


Physical Security

Our office are monitored and access controlled. All guests visiting our office are registered and logged.


On Location Data Processing Facility

The data processing facilities in the office have additional protections such as fire extinguishers for server room, SLA guarantee enterprise grade Internet connection, backup power, and encrypted data backup offsite for disaster recovery. We only use this facility to develop, train AI, and test systems, it does not serve for production environments.


Business Continuity and Disaster Recovery

Data Wow backs up all our critical information and assets and regularly performs a restore test on a backup to ensure swift recovery in case of disaster or failure. All of our backups are encrypted and saved to another location. Our RPO and RTO is shown on our products/services individually and can be customized per customers’ project requirements.

Data Wow also maintains Business Continuity Plan (BCP) for common risks of our businesses.


Infrastructure

All of our production facing customers are run in the cloud. We do not host or run our own infrastructure such as routers, physical servers, and load balancers. Our service is hosted on certified providers who have ISO27001, SOC1, SOC2, and other requirements or compliance requirements.

Primary locations we hosted our services: Singapore, Japan (Tokyo)


Network Monitoring and Protection

Our network are designed for fault tolerant, we also monitor regularly and protect our network from unauthorized access using best practices such as:

  • Virtual Private Cloud access only using VPN with Network Access Control List
  • Firewall that can monitor incoming and outgoing network traffic
  • IP Address filtering
  • DDoS protection

Data Protection and Encryption

Data Wow using TLS for data encryption in transit between our server and client. Sensitive data also encrypted when at rest. All sensitive data with a certain level of confidentiality will be required to encrypt on our employee computer. Confidential data that are sent outside of the organization also subject to encryption and/or password protected (e.g. sending file for customer via email)


Payment Processing Information

All online payment transactions are not processed at Data Wow but instead outsourced to service providers with PCI DSS. No card information is stored at Data Wow server. Our payment processing are:

  • Stripe (All Japanese products)
  • GB Prime Pay

Contact us

Drop us a line and we will get back to you