Security

Message from the Information Security Committee

"Protect information 7:2:1"

Technical measures and compliance

70% of information can be protected by physical and technical measures. 20% can be protected by improving morals and thoroughly complying with laws and regulations as compliance.

Risk management is essential

People make mistakes and, unfortunately, they can be malicious. It is necessary to systematically manage risks and prepare for unforeseen circumstances.
We believe that we should do our best to minimize the damage caused to our customers. However, this alone is not enough. Information must be managed with a three-point set that includes 10% of risk management.

Compliance and risk management

It has become possible to protect 70% of information assets by any physical or technical measures so far. But this is not enough. In addition to these measures, we will be aware of the three-point set of compliance (improvement of morals / compliance with laws and regulations) and risk management (preparation for unforeseen circumstances) and will not cause incidents or accidents. We believe that we must aim to minimize damage.

Policy

Certification status

System chart

Security is the foundation that supports our business, and we have set high standards and worked to achieve them since our establishment.
The CISO (Chief Information Security Officer) is responsible for promoting security and at the same time has the role of ensuring appropriate control over the entire company.

Information security and risk management basic policy

In order to protect information assets, a single countermeasure is not enough, so mutual countermeasures are necessary.
(It is necessary to reconsider countermeasures from time to time in response to new threats.)

Internal efforts

In order to maintain the security level, it is necessary to build a mechanism that can maintain a high security level even if the personnel in the organization are replaced.
We have created a handbook and conduct group training, and are working to incorporate measures so that awareness does not fade.

Physical measures

We have set 7 levels of information handling locations, restricted entry / exit and access, and strictly managed access control to various types of information.

Educational measures

1. Information delivery

We regularly distribute security information to employees for the purpose of raising awareness of information security.
Our parent company, SoftBank Corp., distributes information security incidents and events that have occurred at group companies and other companies in the same industry, as well as vulnerability information from security vendors, in an effort to ensure that all employees understand the latest trends.

2. E-learning

We conduct e-learning on information security twice a year. E-learning is very popular because it can be taught at any time, so it can be carried out during employees' free time.
In addition, the results can be stored in a database and the level of understanding of employees can be accurately measured, so that all employees can work with the same knowledge about information security.