Privacy Policy
Information Security Basic Policy
Derivative Creation Guidelines
Request to minors
©AoharuNEXT Inc.
Information Security Basic Policy
Basic Policy on Information Security
AoharuNEXT Inc. (hereinafter referred to as "our company") will properly manage personal information and other confidential information in accordance with this policy, fully recognizing their importance.
1 Basic philosophy
The information assets, including customer information, that we handle in the course of our business are extremely important as the foundation of our business.
All personnel who handle information assets, including executives and employees who recognize the importance of protecting information assets from risks such as leakage, damage, and loss, will comply with this policy and implement activities to maintain information security, including the confidentiality, integrity, and availability of information assets.
2 Definition of Information Security
Information security means ensuring and maintaining confidentiality, integrity, and availability.
Confidentiality: The property of making information unavailable or private to unauthorized individuals, entities (groups, etc.), or processes. (Protecting information from disclosure or unauthorized access.)
Integrity: The property of protecting the accuracy and completeness of assets (protecting against falsification or errors in information).
Availability: The property of being able to access and use information when requested by an authorized entity (organization, etc.). (Protection against loss or damage of information, system downtime, etc.)
3. Implementation matters
In order to protect information assets, we have established an information security policy and related regulations, and will conduct business in accordance with these, while also complying with laws, regulations, and other standards related to information security, as well as contractual terms with our customers.
We will clarify the standards for analyzing and evaluating the risks of information assets, such as leakage, damage, and loss, establish a systematic risk assessment method, and conduct risk assessments on a regular basis. Based on the results of these assessments, we will implement necessary and appropriate security measures.
We will establish an information security system centered on the executive officer in charge, and clarify the authority and responsibility for information security. We will also regularly educate, train and raise awareness among all employees to ensure they recognize the importance of information security and handle information assets appropriately.
We will regularly inspect and audit the status of compliance with information security policies and the handling of information assets, and will promptly take corrective action for any deficiencies or items requiring improvement that are discovered.
We will take appropriate measures in the event of an information security event or incident, and in the unlikely event that such an event occurs, we will establish response procedures to minimize damage in advance, and in the event of an emergency, we will respond promptly and take appropriate corrective measures.In particular, for incidents that may result in business interruption, we will establish a management framework and review it regularly to ensure the business continuity of our organization.
4. Periodic review (continuous improvement)
The information security management system will be reviewed and improved periodically to adapt to changes in the environment.