SECURITY POLICY

MESCIUS inc. (hereinafter referred to as “We” or “Our”) uses considerable amounts of information assets in the course of our business and in managing our employees, and thus recognizes that ensuring appropriate information security and striving to protect the information assets of our customers and stakeholders are essential requirements for promoting corporate activities based on social trust in addition to being important social responsibilities. Accordingly, in view of the importance of information security, we have established and will implement, maintain, and improve our “SECURITY POLICY.”

Compliance with Laws and Regulations

We comply with laws, regulations, norms, guidelines, and contractual obligations related to information security.

Protection of Information Assets

We identify threats, vulnerabilities, and risks, and implement countermeasures to maintain the confidentiality, integrity, and availability of all information assets in our possession.

Confidentiality

Information assets are protected from unauthorized access, etc., and are not leaked to persons unauthorized to view them
Integrity

Information assets are protected from alterations and errors, and are maintained accurately and completely
Availability

Information assets are protected from loss, damage, and system disruption, etc., and are accessible when needed

Implementation of Education and Training

We provide all employees with the necessary information security education and training to ensure that they are thoroughly informed of the importance of information security and its appropriate handling and management.

Measures in the Event of an Accident

We are committed to preventing information security accidents, such as leakage, loss, damage, or unauthorized use of information assets, and in the unlikely event of an accident, we will minimize the damage, promptly disclose necessary information, and take appropriate measures, including measures to prevent recurrence.

Responding to Changes in the Environment

We will review and strive to continuously improve our information security management rules and structures in consideration of changes in the business environment, changes in the social environment and legal systems, the latest trends in information-related technology, and newly discovered risks.

Enactment date: April 1, 2022
Revision date: November 1, 2023 (company name change)
Final revision date: July 1, 2024 (change of representative)

MESCIUS inc.
President: Yasuhiro Ono

ISO 27001 Certification

We have acquired the “Information Security Management System (ISMS)” certification, an internationally consistent third-party conformity assessment scheme for information security.

Certification Number

JQA-IM1900
Certification Standard

ISO／IEC27001：2013／JIS Q 27001：2014
Certification Body

Japan Quality Assurance Organization
Initial Certification Date

July 1, 2022
Valid until:

June 30, 2025
Scope of Registration
1. Development, sales, and support of business app development support tools
2. Development, sales, support, and servicing of system development support tools
3. Development, sales, support, and servicing of systems for accounting, payroll, assets, tuition, personnel, and related services for incorporated educational institutions

ISMS Cloud Security Certification

We have acquired the “ISMS Cloud Security Certification,” an information security certification specialized for cloud services.

Certification Number

JQA-IC0075
Certification Standard

JIP-ISMS517-1.0
Certification Body

Japan Quality Assurance Organization
Initial Certification Date

July 1, 2022
Valid until:

June 30, 2025
Scope of Registration
1. Business system services for incorporated educational institutions (LeySer System, LeySer web applications, LeySerKids)
2. Business app functionality expansion services (krew, RayKit)