Basic Policy for Information Security
Established on November 21, 2018
Ko Ishiyama, President & CEO
The Company aims to solve social issues through its AI platform business (analysis of image/video/text/voice, etc.) and AI product business (care, HR, Fin, Med, robot, etc.) by utilizing AI technologies and ICT to provide services and solutions.
The company is aware that the securing of information security to achieve the above purposes is not only a business challenge that must be surely dealt with in order to ensure that the utilization of AI and ICT provided by the Company leads to customers’ trust and satisfaction and to continuous development, but that doing so is also the Company’s social responsibility.
With this awareness, the Company considers it to be its fundamental principle to support customers from the perspectives of reliability, safety, confidentiality of information systems. Accordingly, the Company hereby stipulates this Basic Policy for Information Security and vows to introduce, establish, implement, maintain, and continuously improve an information security management system (ISMS) that is compatible with the requirements for customers’ information security as well as with the requirements for the standards of norms for implementing management measures for information security intended for information security management system (ISO/IEC 27001 (JIS Q 27001)) and cloud services (ISO/IEC 27017 (JIS Q 27017)).
- In order to realize measures that are based on the Basic Policy for Information Security, to build an information security organizational structure, maintain a security policy, (manual and rules, etc.), assign a clear and specific role and authority to the Chief Information Security Officer (CISO), assign resources and ensure the confidentiality, completeness, and availability of information assets in the Company’s business.
- By continuously implementing training for the relevant officers and employees, and disseminating the need for understanding and management of information security, to protect and manage, with clear intentions, information security pertaining to the services and solutions and the like provided by the Company, and to continue to maintain the business.
- By classifying all information assets pertaining to the performance of work, regularly conduct a risk assessment, and plan and implement the measures for information security management according to the level of each risk.
- To comply with the Copyright Act, Act on Prohibition of Unauthorized Computer Access, Act on the Protection of Personal Information, as well as laws, standards, and industry guidelines related to information security, and contractual information security.
- Always implement risk communication, have an appropriate understanding of the occurrence of incidents involving information security, analyze the cause of the incidents, and promptly take corrective actions.
- Regularly review the effectiveness of the measures for information security management, and look over the measures as needed for continuous improvement.