For business development purposes, RareJob Group of Companies (hereinafter, “RareJob Group”) recognizes Information Security as one of the key management policies and commits to protecting Information Assets from any threat, breach or violation, in order to maintain the trust and confidence and provide sense of security to all stakeholders.
Based on this policy, we establish the following rules and management structure, hereinafter the “Information Security Management System”, to detail the social responsibilities required for proper execution of Information Security activities.
RareJob Group adheres to the following principles of Information Security: protection of confidentiality of data, preservation of integrity, and promotion of the availability of information assets. To effectuate proper Information Security, we identify and detect the causes of Information Security risks from the aspect of threat, vulnerability to unauthorized use and according to the internal standard rules. We take appropriate counter measures against these causes in order to eliminate, if not mitigate, the risks to tolerable levels.
2.Target of Information Security
All RareJob Group members, including employees, officers, agents, advisors, directors and temporary workers are required to comply with this policy.
3.Scope of Information Security Management
The scope of Information Security Management is defined and limited according to each service provided. The Information Assets to be protected include, but not limited to, confidential information acquired through daily operations, documents, including contracts and agreements, intellectual property including know-how, computers and network facilities related to the business operations under the management of RareJob Inc., information system such as software, and data processed in the information system.
4.Internal structure for Information Security
RareJob Group organizes an Information Security Committee, assigns a Manager to control the activities, and establishes an Information Security Audit function to inspect the activities. We also establish an Emergency Response Framework, in coordination with external experts, for possible Information Security Incidents.
5.Information Security Controls
In adopting Information Security Controls, all the members of RareJob Group acts in unity. Our efforts include the establishment of three (3) kinds of management: (a) Organizational management such as establishment of framework and procedures, (b) Human Resource management including education and training for employees, and (c) Physical and technical management in receiving and storing Information Assets.
When outsourcing all or parts of the business, we will adhere to its proper implementation, in order to fully realize and evaluate its accuracy and maintain the same standards of security level. In addition, in order to continuously confirm that these security levels are properly maintained, we will conduct regular audits of outsourcing companies and review of management system.
6.Compliance with laws and regulations, and contracts related to Information Security
RareJob Group conducts Information Security activities in compliance with relevant laws, such as the Act on Protection of Personal Information, Unfair Competition Prevention Act, Copyright Act, Data Privacy laws and other guidelines and regulations in relation with Information Security Management System. We also act in conformity with the requests proposed by the stakeholders. In addition, we will strive for appropriate Information Management by dealing strictly with any breach and violations.
7.Continual improvement of Information Security Management System
RareJob Group regularly reviews and evaluates the Information Security Management System to protect Information Security from any threat stemmed from social changes and advancement of information technology. We also ensure to maintain and continually improve information security by taking preventive and corrective actions.
Gaku Nakamura, CEO
Established: July 1, 2019
One of RareJobs’ management policies is to protect information assets from information security risks, thereby ensuring all stakeholders feel secure and trust its online English conversation service business. Based on this policy, it has established rules and a management system for information security, or information security management system (usually referred to as ISMS), and is determined to fulfill its social responsibilities through the implementation and continuation of relevant activities.
1. Information security
RareJob defines information security as the maintenance of confidentiality, completeness and availability of its information assets. With this definition in mind, it will specify the causes of any risks that threaten this maintenance from the perspectives of threats and vulnerabilities according to internal regulations, while simultaneously taking proper controlling measures against such causes to control risks to ensure they are under the levels acceptable to RareJob.
2. Scope of information security
RareJob decides what should be targeted for information security management on a service-by-service basis. Targeted information assets include information systems comprised of computers, network facilities and software relevant to the business activities carried out under the management of RareJob and data processed in these information systems, as well as intellectual property such as confidential information that comes to its knowledge in the course of business and contract documents.
3. Internal structure for information security
To ensure that information security activities are conducted properly, RareJob has decided to organize the information security committee and engage in information security activities by assigning an administrator who oversees such activities, while at the same time establishing an information security audit system for the purpose of inspecting such activities. In addition, it will establish an emergency system in collaboration with outside experts to make sure that proper measures are taken in the event of any incident associated with information security.
4. Measures to control information security
To implement information security controlling measures, RareJob will implement organizational controls, such as the improvement of systems and procedures, and personnel management, including the provision of educational/training programs to employees, as well as physical and technical control in the transfer and storage of information assets. By doing so, the whole organization will engage as one in information security activities.
5. Compliance with laws and regulations and contractual provisions regarding information security
In the course of information security activities, RareJob will confirm and comply with laws and regulations associated with information assets such as the Act on the Protection of Personal Information, Unfair Competition Prevention Act and Copyright Act and a range of guidelines, other codes, and requests from stakeholders including requests for confidentiality, among other matters.
6. Continuous improvement of the information security management system
RareJob will stay responsive to changes in social conditions and progress in information technologies and review the information management system periodically to ensure information is secured from new threats. In addition, it will maintain and continuously improve the information security system through preventive and corrective activities.
(Date of establishment) May 28, 2012
(Date of revision) July 1, 2015