Information Security Policy
index
Information Security Policy
Basic Principle
WellGo, Inc. (the “we”, “our” or “us”) conducts business with our philosophy “Now people live one hundred years. WellGo strongly supports a healthy lifespan, the asset of the new era”.
To maintain our business, essential components include our customer information and other information assets.
This policy is respected by users of information assets, including our officers and employees who recognize the importance of protecting the assets from data leakage, damage, loss, and any other risks. We practice activities for information security such as confidentiality, integrity, and availability.
Personal Information Protection Policy
WellGo, under the principle of showing a model of handling personal information appropriately, sets the standard for privacy policy. We abide by the policy and are committed to protecting private information and rights and interests of individuals.
- We acquire personal information, clarifying the purposes of utilizing it, and handle it only to the extent necessary for fair business activities.
- When personal information is obtained directly in writing, after informing the name of our company, the name and contact information of the personal information protection manager, and the purpose of use.
- We shall implement measures to prevent the handling of private information outside the necessary scope for achieving the specified usage purpose.
- We, except as required by law, neither disclose nor provide personal information to any third party without obtaining consent from the personal information provider.
- To ensure the safety and accuracy of personal information, we will take appropriate security measures to prevent unauthorized access, leaks, loss or damage of personal information.
- When outsourcing the processing of personal information, we will require by contract that the information will not be leaked or provided to a third party, and we will implement appropriate management of the outsourced company.
- We established a point of contact for customer complaints and inquiries on the handling of personal information to meet requests from the personal information provider.
- We comply with laws and regulations on the handling of personal information, government guidelines and other norms.
- We establish an information security management system and implement this system while also reviewing, revising, and improving it on a regular basis.
Enacted on November 1, 2022
WellGo,Inc.
President, Co-Founder Kusumoto Takuya
Basic Policy on Information Security
- In order to protect information assets, we will develop and follow an information security policy and related rules to operate our business. we will also follow related regulations/norms and contract with our customers.
- We will clarify the criteria for analysis and evaluation of the risks, including leakage, damage, and loss in information assets, to establish a systematic risk assessment strategy and conduct the risk assessment on a regular basis.
Based on the results, we will implement necessary and appropriate security measures. - We will establish an officer-centered information security system and clarify the related authority and responsibilities. We will also educate, train, and cultivate all employees on a regular basis so that they recognize the importance of information security to ensure the proper handling of information assets.
- We will inspect and audit the compliance with the information security policy and the handling of information assets on a regular basis to promptly take corrective action for any deficiencies or improvements.
- We will take appropriate measures against information security events/incidents. In case they occur, we will proactively establish a response procedure to minimize damage, In an emergency, we will respond promptly and take appropriate corrective actions. For incidents related to business interruption, we will establish and regularly review a management framework to ensure the continuity of our business.
- We will establish and implement an information security management system with goals to realize our basic principle. We will also continue to review and improve the system.
Enacted on December 1, 2019
WellGo,Inc.
President, Co-Founder Kusumoto Takuya
Basic Policy on Cloud Security
The “Cloud Security Basic Policy” is a subordinate policy of the “Information Security Basic Policy”.
- We design and implement cloud services that take into consideration an established basic policy as well as information security requirements from customers.
- We evaluate information security risks related to cloud services and conduct risk assessments on a regular basis. In addition, based on the results, we will implement appropriate information security measures.
- Our cloud services are provided in a logically isolated environment provided by the cloud service provider.
- Except for the circumstances necessary to implement our services, we do not access our customers' assets without permission.
- We will regularly provide education and training to our cloud service operators to address information security risks.
- We organize appropriate authentication method of access to cloud services.
- We notice any information on changes related to our cloud services via our homepage.
- Based on the scope of responsibility, we manage and protect appropriate access to the data used in cloud services.
- It is the customer’s responsibility to create and manage their account appropriately.
- We will disclose the contact system in the event of a cloud service incident to cloud service customers. In addition, if an incident occurs, we will take prompt action and take corrective action.
Enacted on March 1, 2022
WellGo,Inc.
President, Co-Founder Kusumoto Takuya
Third-party certification and Compliance with
security standards
ISMS Cloud security authentication (ISO/IEC 27017:2015)
ISMS Cloud Security Authentication is to certify the proper management and implementation of information security measurements specific for cloud services by a third-party organization. WellGo inc. has obtained ISO/IEC 27017:2015 in addition to ISO/IEC 27001:2013.
WellGo inc. Security White Paper
| About ISO/IEC 27017:2015 (JIP-ISMS517-1.0) | |
|---|---|
| First date of registration | April 23, 2020 |
| Certification body | SGS Japan Inc. |
| Certification criteria | JIP-ISMS517-1.0(ISO/IEC 27017:2015) |
| Registration certificate | JP20/080610 |
| The scope of registration | Cloud service provider: Cloud service customer: |
ISMS Information Security Management System (ISO/IEC 27001:2013)
WellGo Inc. has obtained the ISO/IEC 27001:2013 (JIS Q 27001:2014) certification standard for information security.
| About ISO/IEC 27001:2013 (JIS Q 27001:2014) | |
|---|---|
| First date of registration | April 23, 2020 |
| Certification body | SGS Japan Inc. |
| Certification criteria | ISO/IEC 27001:2013 (JIS Q 27001:2014) |
| Registration certificate | JP20/080611 |
| The scope of registration |
|
Privacy Information Management System (ISO/IEC 27701:2019)
WellGo Inc. has obtained the ISO/IEC 27701:2019 certification for privacy information management.
| About ISO/IEC 27701:2019 | |
|---|---|
| First date of registration | March 28, 2023 |
| Certification body | SGS Japan Inc. |
| Certification criteria | ISO/IEC 27701:2019 |
| Registration certificate | JP23/00000088 |
| The scope of registration | PII Processer: |
WellGo's actions for FISC Security Guidelines on
Computer Systems for Financial Institutions
FISC Security Guidelines on Computer Systems for Financial Institutions is made by The Center for Financial Industry Information Systems to set the standard for the security concerning the system such as equipment, operation, and technology. Many financial institutions use it as a guideline for system architecture and operation. WellGo meets the criteria of the standard for the security certified by FISC.