Information Security Policy
SecureKernel Inc. (hereinafter "the Company") protects information assets entrusted by customers and our own information assets from threats such as accidents, disasters, and crimes, and addresses information security company-wide based on the following policy to meet society's trust.
1. Purpose and Basic Philosophy
The Company ensures confidentiality, integrity, and availability of information assets to achieve business continuity and customer satisfaction.
2. Scope
This policy applies to all information assets handled by all domestic offices and contractors of the Company, including cloud environments and mobile devices.
3. Definition and Classification of Information Assets
Information assets include electronic data, paper documents, software, hardware, facilities, human assets, and external services including cloud. Assets are classified into three tiers based on importance: "Confidential," "Internal Use Only," and "Public."
4. Management Responsibility
Management positions information security as a top business priority, allocates necessary resources, and leads organizational and continuous improvement.
5. Roles and Responsibilities
A Chief Information Security Officer (CISO) is appointed and an Information Security Committee is established. The committee meets monthly to oversee risk assessments, audit results, and improvement plans.
6. Basic Initiatives
We implement access control, encryption, backups, outsourcing management, training, and DR/BCP. We hire personnel with necessary capabilities and ensure all employees acquire required knowledge and thoroughly comply with policies.
7. Compliance with Laws and Contractual Requirements
We comply with laws, regulations, and contracts including the Personal Information Protection Act, Cybersecurity Basic Act, and industry guidelines, and meet customer requirements.
8. Incident Response
When a serious incident occurs, report to the CISO promptly after discovery, analyze scope and respond within 24 hours. Conduct cause analysis and recurrence prevention measures, and report to relevant authorities and clients as necessary.
9. Education, Communication, and Publication
This policy and related regulations are posted on the internal site and communicated to all employees at least once a year. This policy is published on our website to ensure social trust.
10. Continuous Improvement
Based on changes in the information security environment and audit results, we conduct reviews and continuous improvements at least once a year.
Established: July 8, 2025
SecureKernel Inc.
CEO Takumi Iwaki