Skip to main content

SmartHR Group Information Security Policy

SmartHR, Inc. and its group companies (hereinafter collectively referred to as the "SmartHR Group") are engaged in a diverse range of corporate activities aimed at creating a society in which everyone can express themselves through their work. Given that most of its products are provided as cloud-based services, SmartHR Group recognizes the crucial nature of information security to its business. As such, SmartHR Group strives to protect the information assets in its possession (including those entrusted to it by its customers and business partners) from cyber attacks and other threats and to maintain and improve their confidentiality, integrity, and availability.

1.Information Security Management

In order to promote the secure management of information across its member companies, SmartHR Group shall establish an information security management system by, among other actions, formulating the necessary rules and regulations under the leadership of its senior management.

2.Risk Assessment

SmartHR Group shall establish a set of criteria for assessing security risks which it shall use to conduct regular assessments of information assets in its possession. Based on the results of these assessments, SmartHR Group shall implement any necessary measures in a systematic manner.

3.Compliance with Laws, Regulations, and Contractual Obligations

SmartHR Group shall comply with all laws, regulations, and contractual obligations to which it is beholden, as well as any other social norms, pertaining to information security.

4.Collection of Security-Related Information

SmartHR Group shall strive to enhance its security measures while responding promptly to new risks by staying continuously up-to-date with the latest information on threats and technologies.

5.Education and Training

In addition to ensuring that all group personnel are made aware of this policy and all relevant regulations and security-related information as needed, SmartHR Group shall also provide its personnel with periodic training on the subject.

6.Security of Products and Services

SmartHR Group shall endeavor to provide its customers with secure products and services by ensuring information security at the planning, design, development, operation, and all other stages of their production.

7.Incident Response System

SmartHR Group shall recognize that security incidents may occur and establish procedures designed to respond to them. In the event of such an incident, SmartHR Group shall promptly detect and analyze the incident, after which it shall follow the procedures for containment, eradication, and recovery, notify relevant parties, and take appropriate measures to prevent a future recurrence.

8.Managing Outsourcing Partners

When working with outsourcing partners, SmartHR Group shall endeavor to ensure that such partners maintain a level of information security equal to or greater than its own by conducting appropriate supervision of such partners through the execution of a confidentiality agreement and assessments at the time of selection and at regular intervals thereafter.

9.Inspections and Audits

SmartHR Group shall conduct regular internal inspections and audits of its own information security and continuously strive to enhance its information security management systems and its handling of information assets.

10.Business Continuity

In addition to taking measures to minimize the potential impact of disasters, accidents, outages, and other security issues on its services and business activities, SmartHR Group shall also develop a plan for restoring operations as quickly as possible to ensure its services remain available in the event of an emergency.

October 18, 2023

Masato Serizawa
SmartHR CEO