Information Security Policy

Enactment date: June 1, 2015
Revision date: April 1, 2019
Fontworks Inc.
President and CEO Ai Harada

Fontworks Inc. (hereinafter referred to as "the Company") has a corporate philosophy of "becoming a leader in the creation of new culture through letters", and through fonts, people around the world, people and information, people We have contributed to shortening the distance of works.

As a member of the SoftBank Group, which promotes contributions to humankind and society through the information revolution, the communication between people who communicate and those who receive, people and people, and communication between people and things As we continue to evolve into a society in which manufacturing and IT fuse together, we want to continue to create new value in communication as a leader in the future that continues to evolve.

Recognizing that personal information protection and information security management are important responsibilities in order to use the various solutions and services that are born from such technological innovations with peace of mind, we have established the following Privacy Policy, , Declare to keep.

1. Scope of application

This basic policy covers "information assets" that we handle in our business activities. Information assets are information, data and information systems, networks, equipment owned or operated by the Company, and target all things that the Company deems necessary in the development of business, regardless of tangible or intangible. ..

2. Building an information security system

The Company shall establish an information security management system centered on the management team and shall maintain and improve information security. In addition, we will establish a system to regularly audit these efforts and make efforts for improvement.

3. Placement of "Chief Information Security Officer"

In addition to establishing the Chief Information Security Officer (CISO), we also organize information security measures meetings. This will enable us to accurately grasp the status of information security at the company level and take proactive activities so that necessary measures can be promptly implemented.

4. Maintenance of internal regulations regarding information security

We have established internal rules based on the information security policy, have a clear policy not only for handling personal information but also for handling information assets in general, and make sure that everyone inside and outside the company takes a strict attitude against information leakage. ..

5. Protection of information assets

We recognize the importance of all information assets we hold from the viewpoints of confidentiality, integrity, and availability, perform risk assessment, and endeavor to protect appropriate information assets under an information security system.

6. Strengthening the management system of subcontractors

When we conclude a business outsourcing contract, we will thoroughly examine eligibility as a business outsourcing party and request that the security level equal to or higher than our company be maintained. In addition, in order to continue to confirm that these security levels are properly maintained, we will continue to review our outsourcing companies and work to strengthen contracts.

7. Implementation of information security education and training

The Company regularly conducts educational activities for all executives and employees in order to thoroughly and improve information security efforts.

8. Security incident / accident response

If a security incident or accident occurs, or if there is a sign of it, we will take prompt action and carry out procedures.

9. Compliance with laws and regulations

We comply with all laws and other guidelines that apply to information security that we undertake.

10. Review and improvement

The Company will periodically review and improve this policy in line with changes in management policy, business content, social changes, changes in laws and regulations.