Security Policy

  1. HOME
  2. Security Policy

Fundamental Principles

In order to deliver on our core value, Build the Trust, we recognize the importance of information and data and the serious social responsibility to prevent accidents involving information and data. We will strive to ensure the appropriate management and protection of information assets and establish and implement a system (ISMS) to ensure information security. In addition, we will continuously improve our information security by paying attention to customer needs and the latest trends in information technology.

In order to respond to the information security needs associated with the spread of cloud services, we declare that we, as a business operator, will develop and systematically improve our cloud information security measures, as well as security measures concerning our employees who are engaged in the stable operation of our cloud services. We will also develop rules and procedures for information security in order to provide domestic and overseas users with safe access to our cloud services.

Fundamental Policies

  • 1. Protection of information assets
    To protect information assets, WingArc1st will develop an information security policy and act in accordance with it. WingArc1st will also comply with laws, regulations and other norms related to information security, as well as with contracts with customers.
  • 2. Regular review of information security measures to protect information assets
    WingArc1st will conduct regular risk assessments, as well as analyze the potential risks of leakage, damage, or loss of information assets, clarify its standards of risk evaluation, and establish a systematic risk assessment method. Based on the results of these assessments, WingArc1st will implement the necessary and appropriate information security measures.
  • 3. Appropriate handling of information assets
    WingArc1st will establish an information security system centered on its designated directors and will clarify the authority and responsibilities related to information security. In addition, WingArc1st will provide regular education, training, and awareness programs to ensure that all employees are aware of the importance of information security and how to handle information assets appropriately.
  • 4. Regular review of manuals and procedures for the proper handling of information assets
    WingArc1st will regularly inspect and audit the status of its compliance with information security policies and its handling of information assets and will take prompt corrective action should it find any deficiencies or areas for improvement.
  • 5. Prevention of damage
    Should any event or incident relating to information security occur, WingArc1st will take immediate action to prevent potential damage. In the unlikely event that damage does occur, WingArc1st will have response procedures established in advance to minimize the damage, and in the event of an emergency, WingArc1st will respond promptly and take the proper corrective measures. In addition, WingArc1st will conduct recovery tests and reviews of incidents related to the interruption of our Services.
  • 6. WingArc1st will address requirements arising from the anticipated threat environment to our information assets.
  • 7. WingArc1st will impose penalties for any violation of the rules and regulations concerning information security management, and exceptions will be handled at the discretion of the ISMS top management.
  • 8. Establishment of an information security management system
    To achieve the fundamental principles of the policy, WingArc1st will establish, implement, and continuously review and improve an information security management system, cloud-specific risk measures, and personal information protection measures on the cloud.

12 January 2023
Jun Tanaka
President, Executive Officer and CEO
WingArc1st Inc.

About the Information Security Management System (ISMS)

Obtained ISO27001, ISO27017, ISO27018, and ISO27701 certifications

  • JIS Q 27001:2014 (ISO/IEC 27001:2013) JUSE-IR-507
  • JIP-ISMS517-1.0 (Requirements for ISMS cloud security certificate based on ISO/IEC27017:2015)
  • JUSE-IS27018:2018 JUSE-IR-507-CP01
  • JIS Q 27701:2024(ISO/IEC 27701:2019) JUSE-IR-507-PI01

Information Security Management System

Outline of certification

Certification Standard JIS Q 27001:2023(ISO/IEC 27001:2022)
Certification Number JUSE-IR-507
Scope of Certificate Registration
  • 1. Providing sales, maintenance, implementation support, and consulting for software products for information utilization in companies, government agencies, local governments, and other corporations and organizations
  • 2. Sales and provision of professional services and cloud services for companies, government agencies, local governments, and other corporations and organizations
  • 3. The development, operation, maintenance and provision of Business Intelligence cloud services, form cloud services, OCR / document management / data utilization cloud services, and Salesforce data bulk editing cloud services and applications.
Initial Registration Date 26 July 2018
Expiry Date 25 July 2027
Examining Authority Union of Japanese Scientists and Engineers
Certification Body ISMS Accreditation Center (ISMS-AC)

ISMS Cloud Security

Outline of certification

Certification Standard JIP-ISMS517-1.0 (Requirements of ISMS cloud security certification based on ISO/IE27017:2015)
Certification Number JUSE-IR-507-CS01
Scope of Certificate

The development, operation, maintenance and provision of Business Intelligence cloud services, form cloud services, OCR / document management / data utilization cloud services.

ISMS-CS Type / Service name:
Cloud service provider: MotionBoard Cloud, MotionBoard Cloud for Salesforce, SVF Cloud, SVF Cloud for Salesforce, and invoiceAgent
Cloud service customer: Amazon Web Service and Salesforce
Initial Registration Date 26 July 2018
Expiry Date 25 July 2027
Examining Authority Union of Japanese Scientists and Engineers
Certification Body ISMS Accreditation Center (ISMS-AC)

Personal Information Protection in the Public Cloud

Outline of certification

Certification Standard JUSE-IS27018:2023
Certification Number JUSE-IR-507-CP01
Scope of Certificate Registration The development, operation, maintenance and provision of Business Intelligence cloud services, form cloud services, OCR / document management / data utilization cloud services.
Initial Registration Date 26 July 2018
Expiry Date 25 July 2027
Examining Authority Union of Japanese Scientists and Engineers

Global Privacy Information Management System

Outlone of Certification

Certification Standard JIS Q 27701:2024(ISO/IEC 27701:2019)
Certification Number JUSE-IR-507-PI01
Scope of Certificate Registration The development, operation, maintenance and provision of Business Intelligence cloud services, form cloud services, OCR / document management / data utilization cloud services.
1. The following activity as PII processor for the above services:
Storage of the data registered by the user and its deletion upon termination of the contract.
Initial Registration Date 27 June 2024
Expiry Date 25 July 2027
Certification Body ISMS Accreditation Center (ISMS-AC)
Examining Authority Union of Japanese Scientists and Engineers