Information Security Policy for Providing Cloud Services
We have established a Cloud Service Information Security Policy to address the provision and use of cloud services while maintaining information security.
- Information security requirements applicable to the design and implementation of cloud services
- We design and implement cloud services by applying the information security requirements of our customers and our established "Information Security Policy".
- Risks of Cloud Services
- We implement control measures against risks related to cloud services identified in the information security risk assessment conducted for cloud services.
- Isolation of Cloud Computing Environment
- Our cloud services are provided to our customers in a virtualized multi-tenant environment provided by a cloud service provider. The computing environment is isolated on a hardware-level virtualization infrastructure (virtual machine monitor/hypervisor type) on a per instance (virtual machine/guest OS) basis.
- Employee Responsibilities and Obligations
- Cloud service operation staff will be regularly educated and trained to handle customer data properly.
- Access and Protection of Customer Data by Our Staff
- Our staff may access Customer accounts (including this Data) to resolve Cloud Service or technical issues, or as otherwise provided in the Cloud Service Terms of Service. we will not monitor, edit, or disclose this Data without your prior permission, except as provided in the Cloud Services Terms of Service.
- Administrative Access Control Procedures
- We provide standard ID and password access control for our Cloud Service. Optionally, we support access control by IP address restriction, client certificates, Active Directory integration, and IdP integration (SAML, OpenID, etc.). We recommend our customers to use this option for security reasons.
- Notification of changes to customers
- In accordance with our change management procedures, we will provide information on any changes that have a significant impact on our customers.
- Virtualization Security
- Customer environments (instances) are provided in a virtualized environment at the hardware level.
Resources such as instances, networks, and memory are isolated from each other via the virtualization infrastructure
- Account Management
- Customer user accounts are created and managed under the customer's responsibility in accordance with the terms of use of the cloud service.
- Information Sharing
- Information will be shared for breach notification, investigation and forensic support. Means of notification and communication are defined in the Terms of Use of Cloud Services.
Forensic support means efforts to preserve evidence that can be used in court in case of unauthorized access, information leaks, or commercial disputes that could lead to litigation.
Enacted on April 1, 2009
Revised on February 28, 2022
Ricksoft Co., Ltd.
Top Management Mari Kato
Acquisition of Information Security Management System "ISO/IEC 27001:2013(ISMS), ISO/IEC 27017:2015(Cloud)" Certification
Learn more
Inquiries about Information Security Policy for Providing Cloud Services
- Information Security Office, Ricksoft Co., Ltd.
-
E-Mail: isms[at]ricksoft.jp
TEL: 03-6262-3947