Security Policy

Information Security Basic Policy

EduLab, Inc. (hereinafter referred to as “EduLab”) provides educational services using frontier educational measurement technologies and IT technology. The company seeks to make a contribution to our society by supporting the educational and manpower fostering activities of schools and businesses, as well as individual study activities.

EduLab believes that it must handle all information, as informational assets with sufficient care, in terms of particularly confidentiality, completeness and availability. Based on this thinking, EduLab has established the Information Security Basic Policy, and hereby declares that it will make every effort to implement this and to continue to improve and update it.

1. Definition of Information Security

Specifies ensuring and maintaining the confidentiality, completeness and availability of information assets.

• Note: Confidentiality means allowing only approved users access, and not leaking information outside.
• Note: Completeness means that information and information systems are accurate, and the information handling procedures are clarified, and observed.
• Note: Availability means that approved users can access the necessary information and the necessary information systems.

2. Purpose

EduLab aims to respond to the trust given to us by stakeholders, such as customers, business partners, stock holders and employees, and fulfill its corporate social responsibility, by handling information assets properly.

3. Scope

1. (1) All of EduLab’s organizations are within the scope of our policy.
2. (2) Company board members, and employees, workers dispatched to EduLab by dispatch agreement, workers onsite based on work consignment agreements, and all part-time and temporary contract staff are within the scope of our policy.
3. (3) All information related to work activities under EduLab’s control is within the scope of our policy.

4. Goal

1. (1) To prevent accidents from occurring and to minimize incidents.
2. (2) In the event that an information security incident occurs, we will minimize damages and ensure business continuity.

5. Framework for Risk Measures

At EduLab, we implement risk assessment and risk management according to the following framework, and have set control goals and measures.

1. (1) Awareness and classification of information assets

   EduLab classifies information assets by correctly identifying the importance levels of information assets in EduLab.

2. (2) Risk assessment

   At EduLab, we establish a cornerstone for evaluating risks to implement risk assessment.

3. (3) Risk management

   EduLab implements controlling, physical and technical risk measures.

6. Other Information Security Rules

1. (1) Observing duty to information security

   EduLab observes its duty to information security according to law, rules, internal rules and agreements.

2. (2) Implement training and enlightenment activities

   EduLab implements education and enlightenment activities regarding information security.

3. (3) Control for sustaining business

   EduLab handles interrupted business activities, protects important business processes, and ensures the restart of business activities and important business processes upon a major failure of the information system, or a disaster.

4. (4) Apply punishment when there are violations

   EduLab applies punishment for violators of the information security policy.

7. Responsibility for information security management

If ever an information security incident occurs, the general and specific areas of responsibility for information security, including handling reporting externally, will be borne by the management of EduLab.

8. Documentation of the information security management system

At EduLab, we will properly create and maintain information security management documentation to control information security. Also, we will implement this policy and use this documentation.

9. Approval and review of this policy

This policy will be approved by the company’s board of directors and periodically reviewed.

Contact for information security inquiries