Printweb is committed to protecting the confidentiality, integrity, and availability of information belonging to our customers, employees, and partners, and to respecting privacy in all operations. To achieve this, the Company declares the following principles and commitments:
1. Scope
This policy applies to all employees, contractors, temporary staff, interns, and approved third parties, and covers all information assets, systems, and services managed by or on behalf of the Company.
2. Governance & Compliance
We maintain a risk-based information security management framework aligned with international best practices (e.g., the spirit of ISO/IEC 27001).
We comply with applicable laws, regulations, contractual obligations, and customer security requirements.
3. Risk Management & Continual Improvement
We regularly assess and treat information security risks with appropriate technical and organizational controls.
We review controls through internal/external audits and management reviews, and improve them using a PDCA (Plan–Do–Check–Act) cycle.
4. Access & Identity Management
Access is granted on the principle of least privilege and reviewed periodically.
We employ strong authentication and robust credential management where appropriate.
5. Data & System Protection
Controls are applied according to data sensitivity, including encryption, backup and retention, and secure disposal.
Secure design, change management, malware protection, logging, and monitoring are used to safeguard operations and service stability.
6. Incident Reporting & Response
We maintain defined procedures for reporting, assessing, and responding to security incidents.
When required by law or contract, affected stakeholders and regulators will be notified in a timely manner.
We welcome good-faith vulnerability reports via the contact below.
7. Supplier & Third-Party Security
Security requirements for suppliers and service providers are defined in contracts and are subject to due diligence and ongoing oversight.
8. People & Training
Employees receive periodic training on information security and personal data protection.
All personnel share responsibility for complying with this policy and related procedures.
9. Privacy & Personal Data Protection
Personal data is collected and processed for specific, legitimate purposes and protected in accordance with our Privacy Policy and applicable laws.
10. Business Continuity
We implement resilience, backup, and recovery measures to reduce the impact of disruptions and sustain critical services.
Contact
For security or privacy concerns, including potential vulnerability reports, please use our [Contact Us] page.
撥打電話