Information Security Policy

1st ed.
Date of enactment April 1, 2021
Revision Date July 1, 2022
learningBOX, Inc.
Yoichiro Nishimura, Representative Director

(hereafter referred to as "we"), information assets (information and information systems, etc.) are the most important assets and the source to generate profits in our business activities and related business activities. We also recognize that it is our important social responsibility to protect the information assets entrusted to us by our customers from accidents, disasters, crime, and other threats, and to live up to the trust of our customers and society. In order to fulfill this responsibility, we are committed to information security throughout the company based on the following policies.

    1. The Company has established the following security objectives and will ensure that various measures are implemented to achieve these objectives.
      [Security purpose]
      We will respect and comply with customer contracts and legal or regulatory requirements.
      We prevent information security incidents before they occur.
      Protect information assets from information security threats.
    2. We will appropriately establish and operate an information security management system (ISMS) by expressing management's intentions regarding the Company's approach to information security and by clarifying the main action guidelines based on the ISMS, and will strive to ensure the confidentiality, integrity and availability of important information assets and to We will continuously improve its effectiveness.
    3. We will establish an Information Security Committee Chairman and an Information Security Committee for the operation of ISMS, and establish the necessary organizational structure for its operation. In addition, we will periodically review this system and implement continuous improvements.
    4. In order to maintain the risk of all important information assets handled by the Company at an acceptable level, the Company shall establish systematic procedures and evaluation standards for risk assessment and shall take appropriate risk countermeasures based on the risk assessment.
    5. In order to maintain and improve the ISMS, we conduct regular training for all employees and measure the effectiveness.
    6. In the event of a violation of laws or regulations, a breach of contract, or an accident related to information security, the Company will take prompt and appropriate action to prevent recurrence.