Corporate Governance

Basic Information Security Policy

Digital Garage (DG) regards the information we possess and the information systems (computers, networks, etc.) used by DG and our subsidiaries ("DG Group") to execute business as "information assets." We make our best efforts in information security to handle these assets safely.

Operational structure for information security

The CEO and the directors in charge of information security appoint a chief information security officer (CISO), who serves as the central information hub for security management across the DG Group. Because the DG Group operates different business formats in each segment and each company must deal with different security risks, the group takes the required security measures and acquires external certifications. The CISO also conducts reviews to confirm the security structure from multiple angles. A structure is in place so that, if a serious security incident occurs in the DG Group, the CISO plays a central role in working promptly with DG's management and responding appropriately to the problem.

Certifications

The DG Group is qualified to obtain third-party certifications according to the special characteristics of our businesses. DG has received PrivacyMark certification for our personal information protection management system, which complies with JIS Q 15001. DG and our subsidiaries have received certification as a group for ISO/IEC 27001:2013, an international standard for information security management systems (ISMS), and JIS Q 27001:2014, a Japanese standard. Our subsidiaries that handle credit card information have also received Payment Card Industry Data Security Standard (PCI DSS) certification, the international security standard of the credit card industry for the safe handling of credit card information.

See here for a list of certifications acquired by our subsidiaries.

Measures against cyber attacks

The DG Group recognizes the threat of increasingly diverse, sophisticated cyber attacks, and is taking continual measures against such attacks. These include incorporating multilayer defense and the latest defense technologies into our systems. We also educate officers and employees about threats to guard against attacks involving internal parties (targeted attacks, etc.).

Business continuity

DG believes our social mission is to provide a range of online services. In the event of a disaster, cyber terrorism, system failure, or other serious danger, we will first ensure the secure and accurate safekeeping of customer information and the continuation of our services to the maximum level possible, while at the same time ensuring the safety of our officers and employees and their family members.

Setting and promoting understanding of information security rules

DG establishes information security rules and continually promotes thorough understanding of them among officers and employees by conducting security training for new hires, as well as annual security training. An employee who breaches laws, ordinances, this Basic Information Security Policy, information security-related rules, or internal regulations will be subject to penalties in compliance with the company regulation manual, etc.

Code of Conduct

Officers and employees at Digital Garage strictly adhere to information security provisions and carry out compliance-based management in accordance with related laws and ordinances, business practices, our Code of Conduct, and other requirements, as well as contractual security obligations.

We set information security objectives to maintain an appropriate level of information security and work to reliably achieve them.

We conduct ongoing activities related to the Basic Information Security Policy and have established a risk management cycle to counter new threats. We work to constantly review and continuously improve this policy.

Established February 20, 2007
Revised July 1, 2015
Revised August 2, 2019

Kaoru Hayashi
Representative Director, President Executive Officer and Group CEO
Digital Garage, Inc.