CloudCC Security Statement

CloudCC is a powerful cloud based CRM system for different size of business from different industries. We take care of data backups, updates or security to ensure that you can focus on your business. As an enterprise in New OTC(Over the Counter) Market with more than 8000+ global users, we attach great importance to data security and have developed a comprehensive set of technologies, architectures and policies to ensure our customers’ data is most secure.

This security document outlines some technological architectures and policies to ensure your data is protected. And our security statements are grouped in four parts of different areas:


PartⅠ Our Qualifications and Security Certifications


Our Qualifications

As a listed enterprise in New OTC(Over the Counter) Market, CloudCC provides the flexible and easy-to-use set of CRM solutions system for customers.The criteria for becoming a listed enterprise in New OTC (Over the Counter) Market are: richer talents, adequate funds, sound operating mechanisms and standardized management. So CloudCC can ensure the security of customer data.

Security Certifications

· NESSUS
Nessus is deployed by millions of users worldwide to identify vulnerabilities, policy-violating configurations and malware that attackers use to penetrate your or your customer's network. CloudCC has passed NESSUS security testing.
· ACUNETIX
Acunetix tests for SQL Injection, XSS, XXE, SSRF, Host Header Injection and over 4500 other web vulnerabilities. It has the most advanced scanning technology and can generate minimal false alarms. CloudCC has passed ACUNETIX security testing. So far, CloudCC has passed the security tests of many professional organizations around the world. CloudCC's defense system, bank and financial institution level encryption technology and careful security measures can effectively prevent hackers and protect users' data security. And CloudCC CRM applications run inside a secured, sliced-down operating system which is engineered for security that minimizes vulnerabilities.

Part Ⅱ Physical Security


We offer our services in exclusive space and host our datacenters in some of the most secure facilities available. These facilities can protect our data from physical and logical attacks.

· 7x24x365 Security
We host your data in our data center that are guarded by private security guards seven days a week, 24 hours a day, 365 days a year.
· Video Monitoring
The pupil-scanning access control system covers the entire facility and the surrounding area to protect our data.
· Secure Facilities
CloudCC datacenters are guarded by industry-standard fires, winds, earthquakes and floods prevention and control systems.
· Power Redundancy
We configure our services for power redundancies-Redundant Cooling and Temperature, such as redundant N+1 cooling system, redundant N+1 CPS/UPS system and PDU.

Part Ⅲ Access Control


Our network security access control policy and infrastructure helps protect your data against the electronic attacks.

· IDC Peripheral Physical Firewall
Professional IDC peripheral physical firewalls and edge routers can block unused agreements in a timely manner.
· Internal Dual Firewall
The internal dual firewall can cut off the connection between applications and database once a security breach is found.
· Real-time Intrusion Detection Sensor
Real-time intrusion detection sensor spreads throughout the internal network and report events to the security event management system in real time.
· External Network Scanning
Our third-party service providers scan the network in real-time from outside, and once they notice a change in the baseline configuration, they will immediately send an alert.

Part Ⅳ Data Backup and Protection


We backup users' data periodically across multiple servers, in order to help protect the data in the event of hardware failure or disaster.

· Data Backup
Each data center alternately uses the incremental backup and the complete backup to backup the data to the disk and to clone the security link to the disk document file. Data centers perform near-real-time data replication between production data center and disaster recovery centers.
· Data Protection
The connection to the CloudCC environment is achieved by using the SSL CA digital certificate of the global professional organization GeoTrust, which is implemented through SSL 3.0/TLS 1.0. The connection uses 256-bit encryption technology. At the same time, SHA1 technology is used for authentication and DHE_RSA is used as secret key exchange mechanism, in order to make sure that users can safely connect to our services through their browsers and use them properly.

In addition, CloudCC will sign data confidentiality agreements with our customers to protect their data security by law. For more information on CloudCC security certifications and policies, please contact us.