Information Security Policy

(hereafter referred to as "we"), information assets (information and information systems, etc.) are the most important assets and the source to generate profits in our business activities and related business activities. We also recognize that it is our important social responsibility to protect the information assets entrusted to us by our customers from accidents, disasters, crime, and other threats, and to live up to the trust of our customers and society. In order to fulfill this responsibility, we are committed to information security throughout the company based on the following policies.

1. We have established the following security objectives and will ensure that various measures are implemented to achieve these objectives.
[Security purpose]
We will respect and comply with customer contracts and legal or regulatory requirements.
We prevent information security incidents before they occur.
Protect information assets from information security threats.

2. We shall appropriately establish and operate an information security management system (ISMS) by expressing management's intent regarding our commitment to information security and clarifying the main action guidelines based on this intent, and shall strive to ensure the confidentiality, integrity, and availability of our important information assets, and shall continuously improve the effectiveness of this system. We will continuously improve the effectiveness of the ISMS.

3. We shall establish an Information Security Committee Chairman and an Information Security Committee for the operation of ISMS, and maintain the necessary organizational structure for its operation. In addition, we will periodically review this system and implement continuous improvement.

In order to maintain the risk of all important information assets handled at an acceptable level, we have established systematic procedures and evaluation standards for risk assessment and take appropriate risk countermeasures based on risk assessments.

5. We regularly provide training to all employees to maintain and improve ISMS, and measure the effectiveness of such training.

6. In the event of any violation of laws and regulations, breach of contract, or accident related to information security, we will take prompt and appropriate action to prevent recurrence.

1st ed.
Date of enactment April 1, 2021
Revision Date July 1, 2022
learningBOX, Inc.
Yoichiro Nishimura, Representative Director