A set of measures and practices to protect the confidentiality, integrity, and availability of MyInvois System’s data and transactions.
(a) Authentication and Authorization
Taxpayers will be authenticated using a unique identity, enabling them to perform authorized actions such as submitting, receiving, and requesting. The MyInvois API utilizes OAuth for both user authorization and API authentication.
This authentication and authorization process ensures that only authorized individuals have access to the system and can perform relevant actions within it.
(b) Data Encryption
The API communication between the supplier and MyInvois is encrypted using the TLS encryption protocol (HTTPS). Critical data stored in the MyInvois system is encrypted using the AES algorithm. All data transmissions and e-Invoice data received comply with IRBM’s ICT Security Policy and Guidelines for Information Management via Cloud Computing.
Data encryption ensures secure communication and storage of sensitive information in the MyInvois System, following industry standards and best practices.
(c) Cybersecurity Standards
IRBM ensures that the MyInvois System complies with ISO/IEC 27001 and ISO 22301 certifications. These certifications demonstrate IRBM’s commitment to information security and business continuity. By aligning with these cybersecurity standards, IRBM safeguards the confidentiality, integrity, and availability of data in the MyInvois System.
The following key steps will be taken to monitor e-Invoice data security and privacy:
1. Assessing data protection needs:
Before monitoring and auditing e-Invoice data security and privacy, IRBM will identify the type of data collected, processed, stored, and shared through the MyInvois System. This process helps IRBM understand the legal and contractual obligations related to the data, such as data privacy laws or industry standards. Based on these needs, IRBM will define data security and privacy policies and objectives.
2. Implementing data protection controls:
IRBM will implement appropriate technical and organizational controls to protect e-Invoice data from unauthorized access, modification, loss, or disclosure. These controls may include encryption, authentication, access control, backup, firewall, antivirus, and access logging.
3. Monitoring and auditing data protection performance and incidents:
IRBM will benchmark the performance against objectives and industry best practices, and report, investigate, resolve, and learn from any data breaches, errors, complaints, or violations that may affect the e-Invoice.
4. Continuously reviewing and improving data protection practices:
Based on the monitoring and auditing activities, IRBM will review and improve data protection practices to address any gaps, weaknesses, or opportunities for improvement in data protection policies, controls, performance, or incidents.
Conclusion
IRBM’s commitment to data security and privacy monitoring is evident in their robust measures and practices. With a focus on authentication, authorization, data encryption, and adherence to cybersecurity standards, they ensure the confidentiality, integrity, and availability of data in their MyInvois System.
Their compliance with ISO/IEC 27001 and ISO 22301 certifications further demonstrates their dedication to safeguarding information. By assessing data protection needs, implementing data protection controls, monitoring and auditing performance and incidents, and continuously improving their practices, IRBM prioritizes the security and privacy of e-Invoice data.
Trust in IRBM’s comprehensive approach to data protection and privacy monitoring for a secure and reliable experience.
Disclaimer: The information provided on this platform is for general informational purposes only. It does not constitute professional advice and should not be relied upon for making decisions. Wanconnect Consulting Group is not responsible for any errors or omissions in the content or for any actions taken based on the information provided. We recommend seeking professional advice for specific situations. Wanconnect Consulting Group reserves the right to modify, update, or remove any content without notice.