Information Security Policy

Date of enactment:

Revision Date:

Fontworks Inc.
President and CEO: Hisahiro Shimizu

Fontworks Inc. (hereinafter referred to as "the Company") has a corporate philosophy of "becoming a leader in the creation of new culture through letters", and through fonts, people around the world, people and information, people We have contributed to shortening the distance of works.

As we continue to evolve into a society where manufacturing and IT are fused, what used to be a connection between senders and receivers, and between people, has become one between people and things, and even things communicate with each other. As a leader in the ever-evolving future, we would like to continue creating new value in communication.

Recognizing that personal information protection and information security management are important responsibilities for the safe use of various solutions and services born from such technological innovation, we have established and implemented the following Information Security Policy, and , declares to keep

1. Scope of application

This basic policy covers "information assets" that we handle in our business activities. Information assets are information, data and information systems, networks, equipment owned or operated by the Company, and target all things that the Company deems necessary in the development of business, regardless of tangible or intangible. ..

2. Building an information security system

The Company shall establish an information security management system centered on the management team and shall maintain and improve information security. In addition, we will establish a system to regularly audit these efforts and make efforts for improvement.

3. Placement of "Chief Information Security Officer"

In addition to establishing the Chief Information Security Officer (CISO), we also organize information security measures meetings. This will enable us to accurately grasp the status of information security at the company level and take proactive activities so that necessary measures can be promptly implemented.

4. Maintenance of internal regulations regarding information security

We have established internal rules based on the information security policy, have a clear policy not only for handling personal information but also for handling information assets in general, and make sure that everyone inside and outside the company takes a strict attitude against information leakage. ..

5. Protection of information assets

We recognize the importance of all information assets we hold from the viewpoints of confidentiality, integrity, and availability, perform risk assessment, and endeavor to protect appropriate information assets under an information security system.

6. Strengthening the management system of subcontractors

When we conclude a business outsourcing contract, we will thoroughly examine eligibility as a business outsourcing party and request that the security level equal to or higher than our company be maintained. In addition, in order to continue to confirm that these security levels are properly maintained, we will continue to review our outsourcing companies and work to strengthen contracts.

7. Implementation of information security education and training

The Company regularly conducts educational activities for all executives and employees in order to thoroughly and improve information security efforts.

8. Security incident / accident response

If a security incident or accident occurs, or if there is a sign of it, we will take prompt action and carry out procedures.

9. Compliance with laws and regulations

We comply with all laws and other guidelines that apply to information security that we undertake.

10. Review and improvement

The Company will periodically review and improve this policy in line with changes in management policy, business content, social changes, changes in laws and regulations.

We have acquired ISO27001, the international standard for information security management.