Information Security Policy

To date, AI inside Inc. (hereinafter the “Company”) is expanding its business through the platform strategy, aiming to realize the vision of “AI inside X”, where AI is modeled into various environments with the mission of “To bring AI to every being in the world and contribute to a richer future society.” The necessary elements to contribute to the world as a platformer are to provide AI Cloud services, to build a marketplace, and to provide infrastructure.
Based on this concept, we have established this Information Security Policy to operate and maintain an information security management system.

Construction of an information security management system

The Company will construct a very secure information security management system by striving to protect all information assets it possesses and complying with laws and regulations concerning information security and other rules, so that the Company can constantly ensure trust from society.

Assigning Information Security Administration Manager

The Company shall establish the post of Information Security Administration Manager and organize the Information Security Committee. Through these measures, the Company shall accurately ascertain the company-wide information security status and move forward with activities so that necessary actions can be taken promptly.

Developing internal regulations concerning information security

The Company shall develop internal regulations based on the Information Security Policy, present a clear policy for handling not only personal information but also general information assets, and ensure that the Company’s strict stance on information leaks, etc. is disseminated within and outside the Company.

Developing and improving an audit system

The Company will develop a system that enables internal audits of compliance with the Information Security Policy, regulations, rules, etc. In addition, we will endeavor to continue to undergo external audits for the purpose of obtaining more objective evaluations. By systematically implementing these audits, we will demonstrate that our employees and others comply with the security policy.

Realizing a system that ensures information security measures

The Company will realize a system that implements thorough measures in order to prevent the occurrence of incidents, such as unauthorized access, leakage, manipulation, loss, destruction and interference with use of information assets. We will take measures, such as work in high security areas, granting of access rights based on the need-to-know principle*, and restrictions on database access rights, based on an approach for thoroughly managing access to data and systems.
* Need-to-know principle: a principle where information is provided only to those who need to know it and is not provided to those who do not need to know it.

Improving information security literacy

The Company shall thoroughly provide security education and training to employees and others so that all of its personnel involved with its information assets perform duties with sufficient information security literacy. In addition, we will continue to provide education and training to cope with an ever-changing situation.

Strengthening a system for managing contractors

When entering into a service contract, the Company will conduct a full review of whether the counterparty is qualified as a contractor and request contractors to maintain a security level that is equal to or higher than that of the Company. In addition, we will continuously review our contractors and endeavor to improve the contracts so that we can continue to confirm that such security levels are maintained properly.

Scope of the Information Security Policy

Information assets subject to the policy shall be information acquired and learned in the course of corporate activities of the Company and all information possessed by the Company for business purposes. The policy shall be complied with by “officers, regular employees, temporary employees, etc.” of the Company who handle and manage the information assets and by “contractors and their employees” that handle information assets of the Company.

Cloud security measures

The Company shall comply with the subject policy in our cloud security measures to protect our information assets from any threats. In addition, the Company will strengthen and maintain our internal systems to provide cloud services in which customers can use with confidence.

Supplementary Provisions

This Information Security Policy shall come into effect on August 3, 2015.
Revision Date: March 16, 2021

ISO27001 certification

Subject organization AI inside Inc.
Scope of registration Design, development and provision of AI platforms and engines
Certified standard JIS Q 27001:2014(ISO / IEC 27001:2013)
Certified No. ISA IS 0167
Certification registration date March 22, 2016
Certification Body International System Audit Co.,Ltd.

ISO27017 certification

Subject organization AI inside Inc.
Scope of registration Design, development and provision of AI platforms and engines
【Cloud Service Customer】AWS(Amazon Web Service)
【Cloud Service Provider】DX Suite
Certified standard JIP-ISMS 517-1.0
Certified No. ISA ISC 0008
Certification registration date February 15, 2021
Certification Body International System Audit Co.,Ltd.