Information Security Policy

1　Purpose

AiCAN Co., Ltd. (hereinafter referred to as “the Company”) recognizes that ensuring information security and protecting all information assets used within the company is an essential requirement for promoting business activities with the trust of society and a significant social responsibility, as the Company conducts child consultation support business (cloud service), research and survey business, and manages employees (hereinafter referred to as “the Business”), which involve the use of many information assets. Therefore, the Company has established this Information Security Policy (hereinafter referred to as “this Policy”), recognizing the importance of information security, and will establish, implement, maintain, and continuously improve an information security management system to ensure its effective implementation.

2　Definition of Information Security

Information security is defined as the maintenance of confidentiality, integrity, and availability.

(1)　Confidentiality

Confidentiality means protecting information assets from unauthorized access and preventing disclosure to those who are not authorized to access it.
(The characteristic of not allowing unauthorized individuals, entities, or processes to use or disclose information)

(2)　Integrity

Integrity means protecting information assets from tampering and errors and ensuring that they are maintained accurately and completely.
(The characteristic of accuracy and completeness)

(3)Availability

Availability means protecting information assets from loss, damage, system failures, etc., and ensuring that they can be used when necessary.
(The characteristic of being accessible and usable when requested by authorized entities)

3　 Scope

This policy applies to all information assets managed by the Company, including all forms of media, not limited to electronic devices and data, but also including paper media.

(1)　Organization

AiCAN Co., Ltd. (all employees)

(2)　Facility

Headquarters (Address: Room 713A, West Wing, Kanagawa Science Park Innovation Center Building, 3-2-1 Sakado, Takatsu-ku, Kawasaki-shi, Kanagawa)

(3)　 Business

Child consultation support service (cloud service), investigation and research business

(4)　Assets

Documents, data, information systems, and networks related to the above businesses and various services.

4　Implementation Measures

Based on this Policy and the Company’s Information Security Management System, the following measures will be implemented:

(1)　Information Security Objectives:

We will establish information security objectives consistent with this Policy, applicable information security requirements, and the results of risk assessment and risk response, and disseminate them to all employees. We will also review them periodically, even if there are no changes, in response to changes in our environment.

(2)　Handling of Information Assets:

• a)　Access rights will be granted only to those who require them for their work.
• b)　We will manage information assets in accordance with legal and regulatory requirements, contractual requirements, and the provisions of our Information Security Management System.
• c)　We will appropriately classify and manage information assets according to their importance from the perspectives of their value, confidentiality, integrity, and availability.
• d)　We will continuously monitor to ensure that information assets are managed appropriately.

(3)　 Risk Assessment:

• a)　 We will conduct risk assessments, implement appropriate risk responses for information assets deemed most important based on the characteristics of our Business, and introduce management measures.
• b)　We will analyze the causes of incidents related to information security and take measures to prevent their recurrence.

(4)　Business Continuity Management:

We will minimize the interruption of our Business due to disasters or malfunctions and ensure our business continuity capability.

(5)　Education:

We will provide information security education and training to all employees.

(6)　Compliance with Regulations and Procedures:

We will comply with the provisions and procedures of our Information Security Management System.

(7)　Compliance with Legal and Regulatory Requirements and Contractual Requirements:

We will comply with legal and regulatory requirements related to information security, as well as contractual requirements.

(8)　 Continuous Improvement:

We will strive for the continuous improvement of our Information Security Management System.

5　Responsibilities, Obligations, and Penalties

The representative director is responsible for the Information Security Management System, including this Policy. Employees within the scope of application are obligated to comply with the established regulations and procedures. Employees who neglect their duties or engage in violations will be subject to disciplinary action in accordance with the employment regulations. With regard to cooperative company employees, appropriate measures will be taken in accordance with the individual contracts and agreements.

6　Periodic Review

The Information Security Management System will be reviewed periodically and as necessary to maintain and manage it.

Established: April 1, 2022
Last updated: July 25, 2022
Representative Director, Kota Takaoka