Basic Information Security Policies

Basic Principles

SOOTH Inc. (“the Company”) places, as part of its operational foundation, the utmost importance on all types of information assets that it handles in the course of its business, including its customers' information.

The Company recognizes the importance of protecting these information assets from leaks, defamation, destruction, and other risks. It shall promote efforts to ensure that all its executives and employees adhere to these policies and to maintain the confidentiality, integrity, availability, and other aspects of the information security of these assets.

Basic Policies

  1. The Company shall formulate information security policies to protect information assets and follow these policies as it conducts its business. It shall also observe the standards prescribed in all information security-related laws and regulations, and its contractual obligations.
  2. The Company shall clarify the criteria for analyzing and evaluating all risks to information assets, including leaks, defamation, and destruction; establish systematic risk assessment methods; and conduct regular risk assessments. Furthermore, based on these results, the Company shall implement any necessary and appropriate security countermeasures.
  3. The Company shall establish an information security structure with a focus on its executives, and it shall clarify their rights and responsibilities regarding information security. Moreover, the Company shall regularly provide education, training, and development to ensure that all employees recognize the importance of information security and properly handle information assets.
  4. The Company shall regularly conduct inspections and audits regarding compliance with its information security policies and the handling of information assets, and it shall promptly take corrective measures for any discovered insufficiencies or points that require improvement.
  5. In addition to taking appropriate measures to prevent the occurrence of any information security events or incidents, the Company shall establish response protocols to minimize harm in the unlikely event that such information security events or incidents occur. In the event of an emergency, the Company shall respond immediately and take appropriate corrective measures. The Company shall also establish a framework for managing any incidents that involve the cessation of business activities, and it shall ensure the continuation of its business by regularly applying, testing, and reviewing these frameworks.
  6. The Company shall establish an information security management system that defines targets for realizing the basic principles behind these policies, and it shall regularly review and improve this system as it is implemented.

Enactment date: February 1, 2018
Presidents: Yasutoshi Nukada

Back To Home