Information Security
KINCHAKU Inc. is committed to ensuring that our customers can use our services with peace of mind and safety. To this end, we are dedicated to continuously strengthening our security measures and raising awareness about security issues.
ISMS Certificate
- Registration Number: JP22/00000048
- Registration Date: April 29, 2022
- Standards: JIS Q 27001:2014 (ISO/IEC 27001:2013)
Information Security Policy
KINCHAKU Inc. (hereinafter referred to as "our company") is committed to protecting our information assets and those entrusted to us by our customers from threats such as accidents, disasters, and crimes. In order to earn the trust of our customers and society, we are dedicated to information security across the company, guided by the following policy.
Our company is committed to systematically and continuously improving and enhancing information security under the leadership of management.
- Organization and Maintenance of Internal Systems
We establish an organization dedicated to maintaining and improving information security and formalize information security measures as official internal regulations.
- Employee Engagement
Our employees acquire the necessary knowledge and skills for information security and ensure our commitment to information security is solid.
- Implementation of Appropriate Information Asset Management
We manage the information assets we handle appropriately, according to their confidentiality, integrity, and availability, using SecureNavi SaaS.
- Compliance with Laws and Contractual Requirements
We comply with various laws, regulations, and contracts with customers, partners, and employees, and handle information assets appropriately.
- Response to Violations and Incidents
In case of legal violations, contractual breaches, or incidents related to information security, we respond appropriately and strive to prevent recurrence.
- Management of Contractors
Even when outsourcing work, we strive to maintain an information security level that is equivalent to or higher than our own.
- Continuous Improvement
By regularly evaluating and reviewing the above efforts, we aim for continuous improvement in information security.
- Cybersecurity Measures
We establish a cybersecurity framework, measures to prevent attacks, and preparations for when attacks occur, and strive to protect information assets from all threats, including cyber attacks, and to ensure and improve security.
Encryption
All personal information handled by KINCHAKU is encrypted via SSL/TLS during transmission within the system, preventing data tampering, impersonation, and leakage of communication contents by malicious third parties. Furthermore, each piece of data is encrypted or hashed based on industry-standard best practices before being stored on the system.
Application Security Standard
To ensure the quality and security of the KINCHAKU application, we are developing software based on the OWASP Application Security Verification Standard 4.0.
WAF
The servers on which KINCHAKU's data is stored are managed on cloud infrastructure equipped with the latest security facilities. This cloud enforces strict access control, and only a minimal number of personnel within our company are granted access. Access is not granted without prior permission based on a reasonable cause.
Our company implements a WAF (Web Application Firewall). It filters traffic based on IP addresses, HTTP headers, and HTTP bodies, protecting the KINCHAKU platform from attacks. It's possible to restrict IP addresses that can connect to KINCHAKU servers. Furthermore, restrictions can be set at the role level associated with an account.
Vulnerability Management Workflow
Our product team regularly performs static and dynamic analysis of applications to detect potential vulnerabilities. All vulnerabilities found in these scans are managed according to the Vulnerability Management Workflow and are promptly corrected.
Vulnerabilities found in KINCHAKU software are managed according to a strict workflow to ensure they can be quickly fixed. We determine the priority of vulnerability fixes based on a threat model and make corrections based on that priority and urgency.
- Published On: 2021/12/22
- Revised On: 2022/05/19