SECURITY POLICY
Information Security Policy
Leverages Co., Ltd. (hereinafter referred to as the "Company") acknowledges that the proper management of information is a critical business concern, ensuring that customers can utilize the Company's services with confidence. In light of this, the Company has established its "Information Security Policy" as the guiding principle for information security. The Company shall comply with this Information Security Policy, as well as its separately established "Privacy Policy," to safeguard information assets against various threats and to manage these assets appropriately. This Information Security Policy shall apply to all information obtained or acquired in the process of the Company’s business activities and to all information in the Company's possession in connection with its operations.
Basic Policy on Information Security
Establishment of Information Security Management System
The Company shall endeavor to protect and properly manage all information assets in its possession, comply with applicable laws, regulations, and other rules related to information security, and establish a system that enables the prompt implementation of information security measures.
Assignment of Chief Information Security Officer
The Company shall appoint a Chief Information Security Officer (CISO) and establish its Information Security Committee. These measures enable the Company to accurately assess the status of information security throughout the organization and to proactively implement necessary measures in a timely manner.
Maintenance of Internal Rules and Regulations
The Company shall establish internal regulations based on its Information Security Policy and ensure that clear policies and rules for the protection and appropriate management of personal information and all information assets are thoroughly communicated within the organization.
Development and Enhancement of Audit System
The Company shall establish a system that enables both regular and ad-hoc internal audits to verify adherence to internal rules, regulations, and applicable laws related to information security, ensuring their effective implementation in its business operations. The Company shall take strict action against any violations to ensure proper information management.
Appropriate Information Security Measures
The Company shall implement security measures in the areas of organizational, physical, technical, and human safety controls to prevent incidents such as unauthorized access, destruction, leakage, falsification, loss, or interference with the use of information assets. This includes stringent management of access rights, database access restrictions, and other relevant controls. Furthermore, the Company shall make necessary modifications in response to technical or social developments and continuously improve its security measures to adapt to such changes.
Improvement of Information Security Literacy
The Company shall ensure that all employees receive comprehensive security education and training to equip them with the necessary information security literacy to perform their duties effectively. The Company shall continue to provide such education and training to ensure the proper management of its information assets.
Strengthening the Management System of Third-party Service Providers
When outsourcing operations, the Company shall thoroughly assess the suitability of the third-party service providers and requires them to maintain a security level equal to or exceeding that of the Company. To ensure that these security levels are properly maintained, the Company conducts ongoing reviews and periodic audits of the third-party service providers.
Implementation of Continuous Improvement
The Company shall conduct periodic evaluations and reviews of the aforementioned policies to ensure the continuous improvement of its information security management.
Privacy Policy of Leverages Co., Ltd.
The Company's "Privacy Policy" is as follow.