We, as a specialist in membership management and membership website systems, develop and operate a cloud-based membership management platform.We provide this platform to various organizations and businesses that manage member information and operate member websites, such as academic societies and alumni associations
As we engage in our core business of providing membership management systems, we recognize that handling customer and company confidential information accurately and securely, as well as maintaining and enhancing information security through appropriate risk management, is not only a critical business priority but also a social responsibility.
Therefore, we have established the following "Basic Information Security Policy" (hereinafter referred to as "this Policy"), which we pledge to uphold and continuously improve.
| 1 | Definition of Information Security |
| In this context, information security refers to ensuring and maintaining the confidentiality, integrity, and availability of information assets. | |
| 2 | Purpose |
| By continuing to pursue the best information security practices, we aim to earn the trust of our customers and fulfill our social responsibility as a company. | |
| 3 | Scope of Application |
| This Policy applies to the cloud-based membership management platform, as well as its planning, development, maintenance, support, and marketing operations. It also extends to the cloud services used as a customer for providing this platform. Furthermore, it covers all information assets related to this business. | |
| 4 | Goals |
| We aim to minimize the likelihood of information security incidents. Should such incidents occur, we will take appropriate measures to minimize the impact and prevent recurrence. | |
| 5 | Protection of Personal Information |
| We will handle personal information involved in the membership management system business in accordance with our "Privacy Policy," implementing necessary safeguards and appropriate security measures. | |
| 6 | Information Security Management System |
| We will establish an Information Security Management System (ISMS) and appoint an Information Security Officer to oversee the system. | |
| 7 | Risk Assessment |
| We will evaluate threats and vulnerabilities for all information assets in the membership management business from the perspectives of confidentiality, integrity, and availability. Based on this assessment, we will implement administrative, physical, and technical security measures. | |
| 8 | Compliance |
| Employees and officers within the scope of application must comply with laws, guidelines, internal regulations, rules, and contractual obligations related to information security. | |
| 9 | Education |
| We will ensure that all employees and officers within the scope of application understand this Policy and will provide continuous education necessary for maintaining and improving information security. | |
| 10 | Business Continuity Plan |
| We will implement measures to address business interruptions caused by system outages or natural disasters, thereby protecting critical business processes and ensuring the resumption of business activities. | |
| 11 | Internal Audit |
| We will conduct regular internal audits to verify compliance with information security requirements. | |
| 12 | Outsourcing Management |
| When outsourcing operations, we will assess the external suppliers or developers and regularly review their information security measures. We will strive to ensure that they maintain information security standards equivalent to those of our company. | |
| 13 | Penalties |
| Employees who violate this Policy will be subject to disciplinary action in accordance with company regulations. | |
Established: April 1, 2017 Last revised: February 26, 2024 EastGate Corporation President Yasuhito Usui |