Talk to Expert

Cloud Compliance & Regulatory Policy – Meeting Industry & Legal Standards

Effective Date: January 1, 2025
Last Updated: January 1, 2025

  1. Introduction

    1. Net Onboard Sdn Bhd is committed to ensuring that its cloud services meet the highest regulatory, security, and industry compliance standards, guaranteeing a secure, legal, and reliable cloud computing environment for all users.
    2. This Cloud Compliance & Regulatory Policy defines:

      1. Compliance with Malaysian and international cloud security standards.
      2. Security measures, data protection regulations, and user responsibilities.
      3. Audit, monitoring, and incident management processes to ensure cloud security.
    3. This policy applies to:

      1. All customers, employees, vendors, and third parties using Net Onboard’s cloud services.
      2. All cloud platforms, data centers, and infrastructure managed by Net Onboard.
    4. This policy aligns with:

      1. ISO 27001 – Information Security Management
      2. General Data Protection Regulation (GDPR) (if applicable)
      3. Malaysia’s Personal Data Protection Act (PDPA) 2010
      4. Cloud Security Alliance (CSA) Security Guidelines
      5. Bank Negara Malaysia (BNM) Technology Risk Management Framework (for financial services clients)
  2. Cloud Compliance Framework & Legal Obligations

    1. Cloud Industry Compliance Requirements:

      1. All cloud services must adhere to ISO 27001 security standards for risk management and information security controls.
      2. Customers in regulated industries (e.g., financial services) must ensure compliance with Bank Negara Malaysia (BNM) regulatory requirements.
    2. Cloud Data Security & Privacy Compliance:

      1. Personal data must be processed in compliance with Malaysia’s PDPA 2010.
      2. Cross-border data transfers require explicit consent and must comply with GDPR (if applicable).
    3. Third-Party Vendor & Cloud Partner Compliance:

      1. All cloud vendors and service providers must adhere to Net Onboard’s Third-Party Vendor & API Integration Policy.
      2. Cloud-based applications and third-party integrations must comply with ISO 27001 and PCI-DSS (for payment services).
  3. Data Protection & Cloud Security Measures

    1. Data Encryption & Storage Security:

      1. All customer and enterprise data is encrypted using AES-256 encryption.
      2. Secure data-at-rest and data-in-transit encryption policies are enforced.
    2. Access Control & User Authentication:

      1. Cloud accounts require Multi-Factor Authentication (MFA) for secure access.
      2. Role-Based Access Control (RBAC) is applied to limit privileged access.
    3. Cloud Threat Monitoring & Incident Response:

      1. 24/7 security monitoring, intrusion detection, and vulnerability scanning are implemented.
      2. Security incidents are handled in accordance with Net Onboard’s Incident Response Policy.
  4. User Responsibilities & Compliance Requirements

    1. Customer Data Protection Responsibilities:

      1. Customers must ensure proper configuration of security settings in cloud environments.
      2. Customers must not store or process illegal, copyrighted, or sensitive data without compliance checks.
    2. Prohibited Activities & Cloud Usage Restrictions:

      1. Users may not engage in illegal, unethical, or unauthorized activities within Net Onboard’s cloud infrastructure.
      2. Hosting of malicious software, hacking tools, or unethical AI development is strictly prohibited.
    3. Customer Audit & Compliance Checks:

      1. Net Onboard reserves the right to audit cloud users to ensure regulatory compliance.
      2. Customers failing security audits may be subject to service suspension or termination.
  5. Cloud Service Audits & Compliance Reporting

    1. Internal Security Audits & Compliance Assessments:

      1. Net Onboard performs annual ISO 27001 audits and penetration tests to assess cloud security.
      2. Quarterly vulnerability scans are conducted to detect security weaknesses.
    2. Regulatory Reporting & Compliance Certification:

      1. Customers may request compliance certifications for cloud security frameworks (ISO 27001, PCI-DSS, or SOC 2).
      2. Net Onboard provides regulatory compliance reports upon request.
  6. Cloud Data Breach Notification & Risk Management

    1. Cloud Data Breach Response:

      1. Customers will be notified of security breaches within 72 hours, as required by GDPR and PDPA.
      2. Affected users will receive guidance on risk mitigation and data recovery measures.
    2. Risk Management & Incident Handling:

      1. Security risks are assessed using Cloud Security Alliance (CSA) risk management frameworks.
      2. A dedicated Security Incident Response Team (SIRT) handles cloud threats.
  7. Enforcement & Consequences of Non-Compliance

    1. Violations of this Policy May Result In:

      1. Account suspension or termination for security violations.
      2. Legal action for unauthorized use, data breaches, or financial fraud.
    2. Vendor & Third-Party Compliance Breaches:

      1. Vendors failing cloud compliance checks may be blacklisted from future business engagements.
  8. Governing Law & Dispute Resolution

    1. This policy is governed by Malaysian law, including the PDPA 2010 and the Contracts Act 1950.
    2. Compliance-related disputes will be resolved through mediation before arbitration or litigation.
  9. Amendments & Updates

    1. Net Onboard reserves the right to update this Cloud Compliance & Regulatory Policy at any time.
    2. Customers, partners, and vendors will be notified of material changes via email or cloud service notifications.

For compliance-related inquiries, contact [email protected].