Information Security Policy

Basic Policy on Information Security

• We will comply with laws and regulations related to information security, such as the Act on the Protection of Personal Information, as well as guidelines and other rules set forth by the competent authorities and industry organizations to which we belong, and strive to implement appropriate information management practices.
• The Company shall establish internal rules based on the Basic Policy on Information Security and establish clear and specific policies to be followed by all officers and employees.
• We will appoint a person in charge of information security to keep abreast of the status of information security in our company and revisions to related laws, regulations, and rules, as well as to implement necessary measures as appropriate.
• We will implement appropriate and reasonable information security measures for the products and services we provide.
• We will analyze and evaluate risks related to information security, and implement appropriate and reasonable information security measures against the identified risks.
• We will systematically provide education and training on information security to our directors and employees.
• In the unlikely event that an information security problem should occur, we will take prompt action to resolve the problem and minimize the damage.
• We will establish and properly operate an internal control system for information, and audit and verify its effectiveness.

June 30, 2016 (established)

Macromill, Inc.
Toru Sasaki, Representative Director, President & CEO

Encryption of Information

To ensure the privacy of our customers online, we are certified by Cybertrust and use a strong special encryption technology called "TLS (Transport Layer Security)" and "SSL (Secure Socket Layer)".

When customers register as members, respond to surveys, or complete questionnaires, their personal information is encrypted using TLS/SSL, and information is exchanged under the most complete security system.

Acquisition of ISO/IEC 27001:2022 certification

As of June 6, 2023, we obtained ISO/IEC 27001:2022 certification, an international standard for information security management systems (ISMS).

To ensure that our customers and all others involved in the services we provide can use our services with peace of mind, we are committed to the proper management of data and information, including personal information, and to the continual improvement of our information security management system.

About the Security Check Sheet

We have acquired ISO/IEC 27001:2022 certification, an international standard that is a third-party certification standard for ISMS (Information Security Management System), and are working to strengthen our comprehensive information security system and improve our corporate value so that our customers can use our services with peace of mind in response to recent social changes and needs.

As one of our efforts, we have created a standard security check sheet with reference to the detailed management measures of ISO27001 and the "Information Disclosure Guideline for the Safety and Reliability of Cloud Services (revised March, 2009)" published by the Ministry of Internal Affairs and Communications, and decided to release it on May 27, 2024.

We have been responding to each customer's request for their own security check sheet on an individual basis, but this standard security check sheet covers many of the answers, so please take advantage of it.