EastGate Corporation (hereinafter referred to as "the company") develops and operates SaaS-type membership management solutions with the motto of being a specialist in "membership management and membership site systems" and provides them to various organizations and companies that manage membership information and membership sites such as academic societies and alumni associations.
In conducting the core Membership Management Solution business, the company recognizes that it is the company’s responsibility to handle customer information and the company’s confidential information accurately and safely and to maintain and improve information security through appropriate risk countermeasures.
The company also recognizes that maintaining and improving information security through appropriate risk measures is not only the company’s most important management task but also social responsibility.
Therefore, the company has established the following "Basic Policy on Information Security (hereinafter referred to as the "Policy")" and declares that the company shall comply with and continuously improve it.
| 1 | Definition of Information Security |
| Information security herein means ensuring and maintaining the confidentiality, integrity, and availability of information assets. | |
| 2 | Purpose |
| By continuing to pursue the best information security practices, the company aims to earn the trust of our customers and fulfill our social responsibility as a company. | |
| 3 | Scope of Application |
| The scope of the application shall cover system planning, development, maintenance, support, and marketing operations in the Membership Management Solution business. In addition, the company will target all information assets related to this business. |
|
| 4 | Objectives |
| Minimize the possibility of information security incidents. In the unlikely event that an information security incident occurs, the company will minimize the damage and take appropriate measures to prevent a recurrence. | |
| 5 | Protection of personal information |
| The company will protect personal information handled in the Membership Management Solution business in accordance with the "Privacy Policy" and take necessary protection and appropriate security measures. | |
| 6 | Information security management system |
| The company shall establish an information security management system and appoint an information security manager to take overall responsibility for this system. | |
| 7 | Risk assessment |
| All information assets in the member management business are assessed for threats and vulnerabilities in terms of confidentiality, integrity, and availability. Based on this assessment, administrative, physical, and technical security measures are implemented. | |
| 8 | Compliance |
| Employees and officers within the scope of the application shall comply with laws and guidelines related to information security, regulations and rules established by the company, and contractual obligations. | |
| 9 | Education |
| The company will ensure that all employees and officers within the scope of the application are fully aware of the content of this policy, and shall continue to provide the education necessary to maintain and improve information security. | |
| 10 | Business Continuity Plan |
| The company will take measures to protect critical business processes and ensure the resumption of business activities in the event of business interruption due to information system outages or disasters. | |
| 11 | Internal audit |
| Internal audits will be conducted periodically to ensure that information security is being complied with. | |
| 12 | Outsourcing management |
| While outsourcing work, the company will review the eligibility of the contractor and periodically check the information security. In this way, the company will strive to ensure the same level of information security as a company with the subcontractors. | |
| 13 | Penalties |
| Any employee who violates this policy shall be subject to disciplinary action in accordance with the employment regulations. | |
Established: April 1, 2017 EastGate Corporation President Yasuhito Usui |