Effective Date: January 1, 2025
Last Updated: January 1, 2025
1. Introduction
1.1 Net Onboard Sdn Bhd is committed to ensuring that its cloud services meet the highest regulatory, security, and industry compliance standards, guaranteeing a secure, legal, and reliable cloud computing environment for all users.
1.2 This Cloud Compliance & Regulatory Policy defines:
– Compliance with Malaysian and international cloud security standards.
– Security measures, data protection regulations, and user responsibilities.
– Audit, monitoring, and incident management processes to ensure cloud security.
1.3 This policy applies to:
– All customers, employees, vendors, and third parties using Net Onboard’s cloud services.
– All cloud platforms, data centers, and infrastructure managed by Net Onboard.
1.4 This policy aligns with:
– ISO 27001 – Information Security Management
– General Data Protection Regulation (GDPR) (if applicable)
– Malaysia’s Personal Data Protection Act (PDPA) 2010
– Cloud Security Alliance (CSA) Security Guidelines
– Bank Negara Malaysia (BNM) Technology Risk Management Framework (for financial services clients)
2. Cloud Compliance Framework & Legal Obligations
2.1 Cloud Industry Compliance Requirements:
– All cloud services must adhere to ISO 27001 security standards for risk management and information security controls.
– Customers in regulated industries (e.g., financial services) must ensure compliance with Bank Negara Malaysia (BNM) regulatory requirements.
2.2 Cloud Data Security & Privacy Compliance:
– Personal data must be processed in compliance with Malaysia’s PDPA 2010.
– Cross-border data transfers require explicit consent and must comply with GDPR (if applicable).
2.3 Third-Party Vendor & Cloud Partner Compliance:
– All cloud vendors and service providers must adhere to Net Onboard’s Third-Party Vendor & API Integration Policy.
– Cloud-based applications and third-party integrations must comply with ISO 27001 and PCI-DSS (for payment services).
3. Data Protection & Cloud Security Measures
3.1 Data Encryption & Storage Security:
– All customer and enterprise data is encrypted using AES-256 encryption.
– Secure data-at-rest and data-in-transit encryption policies are enforced.
3.2 Access Control & User Authentication:
– Cloud accounts require Multi-Factor Authentication (MFA) for secure access.
– Role-Based Access Control (RBAC) is applied to limit privileged access.
3.3 Cloud Threat Monitoring & Incident Response:
– 24/7 security monitoring, intrusion detection, and vulnerability scanning are implemented.
– Security incidents are handled in accordance with Net Onboard’s Incident Response Policy.
4. User Responsibilities & Compliance Requirements
4.1 Customer Data Protection Responsibilities:
– Customers must ensure proper configuration of security settings in cloud environments.
– Customers must not store or process illegal, copyrighted, or sensitive data without compliance checks.
4.2 Prohibited Activities & Cloud Usage Restrictions:
– Users may not engage in illegal, unethical, or unauthorized activities within Net Onboard’s cloud infrastructure.
– Hosting of malicious software, hacking tools, or unethical AI development is strictly prohibited.
4.3 Customer Audit & Compliance Checks:
– Net Onboard reserves the right to audit cloud users to ensure regulatory compliance.
– Customers failing security audits may be subject to service suspension or termination.
5. Cloud Service Audits & Compliance Reporting
5.1 Internal Security Audits & Compliance Assessments:
– Net Onboard performs annual ISO 27001 audits and penetration tests to assess cloud security.
– Quarterly vulnerability scans are conducted to detect security weaknesses.
5.2 Regulatory Reporting & Compliance Certification:
– Customers may request compliance certifications for cloud security frameworks (ISO 27001, PCI-DSS, or SOC 2).
– Net Onboard provides regulatory compliance reports upon request.
6. Cloud Data Breach Notification & Risk Management
6.1 Cloud Data Breach Response:
– Customers will be notified of security breaches within 72 hours, as required by GDPR and PDPA.
– Affected users will receive guidance on risk mitigation and data recovery measures.
6.2 Risk Management & Incident Handling:
– Security risks are assessed using Cloud Security Alliance (CSA) risk management frameworks.
– A dedicated Security Incident Response Team (SIRT) handles cloud threats.
7. Enforcement & Consequences of Non-Compliance
7.1 Violations of this Policy May Result In:
– Account suspension or termination for security violations.
– Legal action for unauthorized use, data breaches, or financial fraud.
7.2 Vendor & Third-Party Compliance Breaches:
– Vendors failing cloud compliance checks may be blacklisted from future business engagements.
8. Governing Law & Dispute Resolution
8.1 This policy is governed by Malaysian law, including the PDPA 2010 and the Contracts Act 1950.
8.2 Compliance-related disputes will be resolved through mediation before arbitration or litigation.
9. Amendments & Updates
9.1 Net Onboard reserves the right to update this Cloud Compliance & Regulatory Policy at any time.
9.2 Customers, partners, and vendors will be notified of material changes via email or cloud service notifications.
For compliance-related inquiries, contact [email protected].
© Net Onboard Sdn Bhd (796213-D)