Information Security Policy

1. Purpose

Tech Japan K.K. (hereinafter referred to as "the Company") uses a great deal of information assets in the course of conducting its recruitment business, software development business, and employee management (hereinafter referred to as "the Business"), and the Company recognizes that it is a vital social responsibility to implement appropriate information security and protect information assets in order to promote corporate activities based on the trust of society. T herefore, in light of the importance of i nformation security, we have established this information security policy (hereinafter referred to as "this policy") and will establish, implement, maintain, and improve an information security management system for concrete implementation

2. Definition of Information Security

Information security is defined as the maintenance of confidentiality, integrity, and availability.

(1) Confidentiality
It means to protect information assets from unauthorized access and leakage to unauthorized persons, entities, or processes. (the property of not making information available or disclosing it to unauthorized persons, entities or processes)

(2) Integrity
It means that information assets are protected from falsification or error and maintained accurately and completely. (Characteristics of Accuracy and Completeness)

(3) Availability
It means the ability to protect information assets from loss, damage, system outages, etc., and to make them available when needed. (The characteristic of being available for access and use when requested by an authorized entity.)

3. Scope of Application

This policy applies to all information assets managed by the Company. The scope of information assets is not limited to electronic devices and electronic data, but includes all forms of information assets, including paper media.

(1) Organization
Tech Japan KK (all employees)

(2) Facility
Head Office (Address: 7F, 2-21-3 Higashi-Ueno, Taito-ku, Tokyo)

(3)Business
Recruiting business, software development business

(3)Assets
Documents, data, information systems and networks related to the above business and various services Recruiting business, software development business

4. Implementation Matters

In accordance with this policy and our information security management system, we will implement the following items.

(1) Information security objectives
We will establish information security objectives that consider applicable information security requirements and the results of risk assessments and risk responses, and are consistent with this policy. In addition to keeping all employees informed about the objectives, we will review them from time to time in response to the changing environment of the Company, or periodically even if there are no changes.

(2) Handling of information assets

a) Access privileges shall be granted only to those who need them for business purposes.

b) Information assets are managed in accordance with legal and regulatory requirements, contractual requirements, and the provisions of our information security management system.

c) Information assets are properly classified and managed according to their importance in terms of value, confidentiality, integrity, and availability.

d) Continuous monitoring is conducted to ensure that information assets are properly managed.

(3) Risk Assessment

a) We conduct risk assessments and implement appropriate risk responses for information assets deemed most important based on the characteristics of our business, and introduce control measures.

b) We analyse the causes of accidents related to information security and take measures to prevent recurrence.

(4) Business Continuity Management
We ensure business continuity capability by minimizing business interruption due to disasters and breakdowns.

(5) Education
We conduct information security education and training for all employees.

(6) Compliance with regulations and procedures
We comply with the rules and procedures of the information security management system.

(7) Compliance with legal, regulatory, and contractual requirements
We comply with legal, regulatory, and contractual requirements related to information security.

(8) Continuous Improvement
We are committed to continuously improve our information security management system

5. Responsibility, Obligations, and Penalties

Top management shall be responsible for the information security management system, including this policy, and employees within the scope of application shall be obligated to comply with the regulations and procedures established. Employees who fail to comply with their obligations and commit violations will be punished in accordance with the employment regulations. Employees of subcontractors shall be dealt with in accordance with individually defined contracts.  

6. Periodic Review

The information security management system shall be reviewed, maintained and managed on a regular and as-needed basis.  

Enacted: May 1, 2022

Top Management: Naotaka Nishiyama