1. Purpose

Def tribe Co., Ltd. (hereinafter referred to as "the Company") provides many services such as system development, IT technical support, system consulting, and management consulting, and manages employees (hereinafter referred to as "business"). Since we use information assets, it is essential to properly implement information security and protect information assets, which is an indispensable requirement to promote corporate activities with the trust of society and is important. We recognize that this is a social responsibility. Therefore, in consideration of the importance of information security, the Company has established this information security policy (hereinafter referred to as “this policy”), and has established, implemented, and maintained an information security management system for concrete implementation. And will improve.

2. Definition of information security

Information security is defined as maintaining confidentiality, integrity and availability.

(1) Confidentiality

This means that information assets are protected from unauthorized access and do not leak to unauthorized persons.
(Properties that do not allow or disclose information to unauthorized individuals, entities or processes)

(2) Integrity

This means that information assets are protected from tampering and error, and are maintained accurately and completely.
(Characteristics of accuracy and completeness)

(3) Availability

This means that information assets can be protected from loss, damage or system outages, and can be used when needed.
(Characteristics that can be accessed and used when requested by an authorized entity)

3 Scope

This policy applies to all information assets managed by the Company. The scope of information assets includes not only electronic devices and electronic data, but also all forms including paper media.

(1) Organization

Def tribe Co., Ltd.(Head Office)

(2) Facilities

Head Office (Osaka-Shi, Chuo-Ku, Minamisenba 4-12-24 Gendai Shinsaibashi Biru 5F)

(3) Business

Contract software development, operation and maintenance as well as management, website creation, and temporary staffing services

(4) Assets

Documents, data, information systems and networks related to the above businesses and services

4 Implementation items

The following items will be implemented in accordance with this policy and our information security management system.

(1) Information security purpose

Formulate information security objectives that are consistent with this policy and take into account applicable information security requirements and the results of the risk assessment and risk response, disseminate it to all employees, and respond to changes in the Company's environment. We will conduct regular reviews at any time without any change.

(2) Handling of information assets

a) Access rights shall be granted only to those who need them.
b) We manage in accordance with legal and regulatory requirements, contractual requirements, and the provisions of our information security management system.
c) From the perspective of the value, confidentiality, integrity, and availability of information assets, they are appropriately classified and managed according to their importance.
d) Perform continuous monitoring to ensure that information assets are properly managed.

(3) Risk assessment

a) We conduct risk assessments, take appropriate risk measures for information assets that we determine to be the most important based on the characteristics of our business, and introduce control measures.
b) Analyze the causes of accidents related to information security and take measures to prevent recurrence.

(4) Continuing information security

Minimize the effects of disasters and breakdowns, and ensure information security continuity.

(5) About education

Conduct information security education and training for all employees.

(6) Compliance with regulations and procedures

We comply with the rules and procedures of the information security management system.

(7) Compliance with legal and regulatory requirements and contractual requirements

We comply with legal and regulatory requirements for information security and contractual requirements.

(8) Continuous improvement

We work on continuous improvement of information security management system.

5 Responsibilities and obligations and penalties

The responsibility for the information security management system including this policy shall be borne by the Representative Director, and the employees of the applicable scope shall be obliged to adhere to the rules and procedures established. Employees who neglect their obligations and commit violations shall be disposed of in accordance with the rules of employment. We cooperate with employees of partner companies in accordance with contracts stipulated individually.

6 Regular Review

Review of the information security management system shall be reviewed and maintained and managed periodically and as needed.

7 About our website security

(1) Use of SSL when collecting personal information

When acquiring personal information through the website operated by the Company, in order to protect the personal information from unauthorized access by third parties, we protect it with SSL (Secure Sockets Layer) encrypted communication and strive to ensure security.

(2) About the use of cookies

Our website uses Google Analytics to collect and analyze normal access logs, as well as measure data (age, gender, interests, interests, behavior history, etc.). For collection, analysis and measurement, we use first-party cookies and third-party cookies for the purpose of ensuring redundancy, and do not store personally identifiable information, only unique identifiers. You can use the opt-out procedure to refuse each tracking. If you wish, please follow the procedure below.
Google Analytics opt-out add-on

(3) Security measures for cross-site scripting (CSS / XSS) and SQL injection

Our website conducts appropriate inspections and measures from the time of development, and takes measures against cross-site scripting (CSS / XSS) and SQL injection.

(4) Other security measures

The servers hosting our website are equipped with firewalls and anti-virus measures to prevent personal information from being accessed, lost, destroyed, falsified, leaked, and infected with viruses.

Enactment: 2019/2/12
Last Revision Date: 2019/6/1
CEO: Hiroaki Kono