Information Security Policy
We prioritize information security and personal data protection, and we have obtained certification for the international standard for Information Security Management Systems (hereinafter referred to as ISMS), “ISO/IEC 27001,” as well as for the international standard for Privacy Information Management Systems (hereinafter referred to as PIMS), “ISO/IEC 27701.” We will continue to work towards further enhancing our customers’ trust.
Overview of registered certification
| Applicable standard | ISO/IEC 27001:2022 | ISO/IEC 27701:2019 |
|---|---|---|
| Name | Information Security Management Systems (ISMS) | Privacy Information Management Systems (PIMS) |
| Organization registered | SHIFT Inc. | |
| Certification registration body | Japan Quality Assurance Organization | |
| Scope of registration |
・Development and maintenance of IT system ・Testing and support services for system software; Consultation service for quality assurance of the system |
As a PII manager, the following tasks will be performed:
|
| Registration number | JQA-IM2171 | JQA-PI0011 |
| Date of initial registration | October 31, 2012 | November 14, 2025 |
| Associated Organizations | Headquarter, Shinnjyuku 1st office,Sapporo 1st office, Nagoya 1st office,Osaka 1st office, Fukuoka 2nd office | |
Information Security Policy
We have formulated the Information Security Policy to meet the information security objectives outlined below.
Information Security Objectives
The company handles a host of information assets, including information we retain on behalf of our customers. Partly in order to maintain the trust of our customers, we consider it our responsibility to appropriately implement and preserve appropriate safety management measures for these information assets. To achieve these aims, we promote the Information Security Policy and activities, taking into consideration laws, regulations, regulatory requirements, and contractual information security obligations.
Information Security Policy
We have formulated the Information Security Policy to achieve and support our information security objectives.
Organization-Wide Compliance with Information Security Management System Requirements
- We will fulfill our responsibilities as managers and support efforts to reach the information security objectives.
- We will establish an Information Security Promotion Committee to promote appropriate information security measures.
- People associated with the company will act in accordance with the company’s security regulations, strive to prevent incidents related to information assets and, if an incident should occur, promptly take appropriate measures, including the introduction of measures to prevent recurrence.
- We will promote awareness and training activities related to information security.
Organization-Wide Improvements to the Information Security Management System
- We will periodically review our information security objectives and policies in response to changes in business content, organization, and technologies, striving for ongoing improvements in the information security system.
July 1, 2015
Masaru Tange, President and CEO