Information security policy

Basic principle

Crowd Cast, Ltd. (hereinafter referred to as "our company") is conducting business with the philosophy of supporting "individuals" who are not bound by the existing framework and transform the world with new ideas.

Information assets such as customer information handled in our business are extremely important as our management base.

Persons who handle information assets, including officers and employees who recognize the importance of protecting information assets from risks such as leakage, damage, and loss, comply with this policy, and the confidentiality and completeness of information assets. We carry out activities to maintain information security.

Basic policy

1. In order to protect information assets, we will formulate an information security policy, operate in accordance with it, and comply with laws, regulations and other norms related to information security, as well as contracts with customers.
2. We will clarify the criteria for analyzing and evaluating the risks of leakage, damage, loss, etc. that exist in information assets, establish a systematic risk assessment method, and carry out risk assessment on a regular basis. In addition, based on the results, we will implement necessary and appropriate security measures.
3. We will establish an information security system centered on the officer in charge and clarify the authority and responsibilities related to information security. In addition, all employees are aware of the importance of information security and regularly educate, train and raise awareness to ensure the proper handling of information assets.
4. We will regularly inspect and audit the status of compliance with the information security policy and the handling of information assets, and promptly take corrective action for any deficiencies or improvement items found.
5. In addition to taking appropriate measures against the occurrence of information security events and incidents, in the unlikely event that they occur, we will establish a response procedure in advance to minimize damage, and promptly in the event of an emergency. We will respond and take appropriate corrective action. In particular, for incidents related to business interruption, we will establish a management framework and regularly review it to ensure the continuity of our business.
6. We will establish an information security management system that sets goals to realize the basic philosophy, implement it, and continuously review and improve it.