Basic Policy on Information Security
Enacted November 21, 2018
Amended on March 16, 2020
Ko Ishiyama, President & CEO
Through our AI platform business (analysis of image, video, text, voice, etc.) and our AI product business (Care, HR, Fin, Med, Robotics, etc.), we hope to solve social issues by providing services and solutions that make use of AI technology and ICT.
To accomplish these goals, we recognize that ensuring information security is both a social responsibility and a management issue that must be addressed so that the Company’s use of AI and ICT is trusted by customers, satisfies them, and continues to develop.
Based on this recognition, we have established this Basic Policy on Information Security with the aim of supporting our customers from the perspectives of reliability, safety, and confidentiality of information systems.
We will introduce, establish, implement, maintain, and continuously improve the contractual agreements and requirements related to customer information security, Information Security Management System (ISO/IEC 27001 (JIS Q 27001)), Requirements for ISMS Cloud Security Certification (JIP-ISMS517), Code of Practice for Information Security Controls for Cloud Services (ISO/IEC 27017 (JIS Q 27017)), and Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018).
- In order to realize the measures based on the basic policy on information security, we have established an information security organization system, developed a security policy (manuals and regulations), assigned a clear and specific role and authority to the CISO (Chief Information Security Officer), invested resources, and implemented the following measures to ensure the confidentiality, integrity and availability of information assets in our business.
- We will continuously educate our executives and employees so that they understand the necessity of information security management and protect and manage the information security of our services and solutions with a clear intention to maintain business continuity.
- We will classify all information assets related to business operations, conduct risk assessments on a regular basis, and plan and implement information security management measures according to the degree of risk. In addition, we will implement information security management measures for the use and provision of cloud services and data processing according to the specific risk.
- We will comply with the Copyright Act, the Act on Prohibition of Unauthorized Computer Access, etc., the Unfair Competition Prevention Act, the Act on the Protection of Personal Information, the General Data Protection Regulation (GDPR), and other laws, regulations, and codes related to information security, as well as industry guidelines and the contractual information security requirements of our customers.
- We will always implement risk communication, accurately assess the occurrence of information security incidents, security events and non-conformities, analyze the causes of these incidents, and take immediate corrective action.
- We will periodically assess the effectiveness of the information security control measures, and continuously improve them as necessary.