This page explains MiiTel's security measures and its operation environment so all customers can use our services safely.
Contents1. Information Leakage Prevention
2. Data Preservation and Protection
3. Services and Support structure
4. Coordination with external organizations
1. Information Leakage Prevention
- All transmission between the customers' environment and RevComm will be encrypted by TLS 1.2.
- The database and storage are encrypted and stored using the encryption system of AES 256 and higher.
- We perform third-party vulnerability checks on our web applications and have installed WAF (Web Application Firewall) to protect against all attacks leveraging the vulnerability.
- IP address range restrictions can be done by the access requestor IP address.
- If the password is wrong in consecutive tries, the account will be locked temporarily.
Training and Auditing
- We conduct internal audits by external consultants on a regular basis.
- We conduct security training (e-learning) constantly for all employees.
2. Data Integrity and Protection
- The system is configured to be able to restore the data from the point where the backup was taken before the failure occurred.
- In case of human error, we have two backup systems.
- We operate by duplicating the data in multiple data centers in Kanto area.
- All servers are operated with redundancy, as our service can be continued to be used even in the event of failure caused by hardware or other factors.
Data Retention Period
- After you canceled the plan, we will perform a physical deletion of your data within one month after the expiration of the data browsing period according to your contract.
- Physical deletion of phone numbers and time of calls will be done within three months after the above.
- However, the above does not apply to cases of business reasons, such as billing, abuse, or complaint handling.
- For Login, User Management, Group Management, and Security Settings, the history of creation, modification, and deletion can be checked in MiiTel Analytics' Audit log.
3. Services and Support structure
Service Delivery Time
- 24 hours a day, 365 days a year (excl. suspension of service from planned and scheduled maintenance)
- Weekdays 9:00 - 19:00 (JST)
- Any problems that occur outside of support hours will be handled on the next business day.
- In general, the maintenance work will be done outside of the support hours. In case of maintenance work, we will notify you twice (week before and the day before) by email.
- Information is available at MiiTel Status.
- For your reference, please check Release Notes.
- We will announce major changes to the service, features that will affect integration with external services, and discontinuation of features through the website and via email at least one month in advance.
How to report failure or malfunction
- Please contact firstname.lastname@example.org.
Target Operation Percentage
- 99.9 % (excl. suspension of service from planned and scheduled maintenance. Failure caused by the customer's own network environment are not included in the total time of service failure.)
4. Cooperation with external organizations
Obtaining Third-party Certification
- We have acquired the Information Security Management System (ISMS, ISO/IEC 27001). Certification number : JP19/080577
- We have been granted the Privacy Mark. Registration number : No. 17003754(01)
Collecting vulnerability information
- We have a system that automatically collects and notifies vulnerability information announced by JPCERT/CC.
Vulnerability Assessment by Third-party
- Vulnerability assessment by a third party is conducted constantly.