With its philosophy “to make a new future by 'inventing new places'”, tsukuruba inc. (hereinafter referred to as “the company”) aims to create a world in which society evolves for the better through the propagation of each person's thoughts. And we are developing businesses that crosses real space and information space. Information assets, such as valuable customer information handled in our business are, extremely important to us as they are the foundation of our management.
Recognizing the importance of protecting these information assets from risks such as leakage, damage, loss, etc., all officers, employees and workers at tsukuruba will comply with this policy. And all officers, employees and workers at tsukuruba will conduct ourselves in accordance with this policy in order to promote information security from the perspectives of information confidentiality, integrity and availability.
- In order to protect information assets, we will establish information security policy and will conduct ourselves in accordance with this policy. We will comply with information security policy, laws, regulations and contract terms.
- We will clarify the criteria for analyzing and evaluating risks such as information leakage, damage, and loss that exist for information assets, establish a systematic risk assessment method, and conduct risk assessment regularly. In addition, necessary and appropriate security measures will be implemented based on the results.
- We will establish an information security system led by our representative director and clarify the authority and responsibility for information security. All employees will also receive regular education, training and awareness to recognize the importance of information security and ensure proper handling of information assets.
- We will regularly inspect and audit the status of compliance with information security policy and the handling of information assets, and take corrective actions promptly for any deficiencies found or improvements.
- In addition to taking appropriate measures for the occurrence of information security events and incidents, in the unlikely event that they occur, we will establish a response procedure to minimize damage in advance. We will respond promptly and take appropriate corrective actions. In particular, we will establish a framework for managing incidents related to business interruptions, regularly respond, conduct recovery tests, and review to ensure our business continuity.
- We will establish and implement an information security management system that sets goals for realizing the basic philosophy, and continuously review and make improvements to the system.
Hiroki Murakami, CEO
Masahiro Nakamura, CCO