Confidentiality Policy

1. Policy

Brainwoods Corporation (hereinafter referred to as “the Company”) considers the confidential information of our business partners and of the Company’s to be one of the most important management issues, and has established an internal system for information security and a system of cooperation with external parties, and we review it from time to time to promote continuous improvement.

2. System and structure

We have an information security officer (President & CEO), an information security system administrator (Director), and an information security operator (in charge of information security) to manage confidential information and its management within and outside the company.

2.1. Information Security Officer

The President and CEO will be in charge. He or she is responsible for overseeing security measures and will be responsible for overall security measures.

2.2. Information Security System Administrator

A director is in charge of the planning and execution of security measures. This position is responsible for the overall implementation of security measures on information systems.

2.3. Information Security Operator

All employees are responsible for the operation and management of security.

3. Procedures such as written oath and non-disclosure agreement

We sign Non-Disclosure Agreement (NDA) with our employees, part-timers, and outside contractors.

3.1. Employees

Confidentiality Agreement (when employed)
Guide to business

3.2. Part-timers

Confidentiality Agreement (when employed)
Work manual

3.3. Outsourcing Contractor

Confidentiality Agreement (at the time of subcontracting registration)

4. Security measures on information system

We take the following measures for information security, including measures against computer viruses and hackers.

Server equipment management
Management of networks, terminal equipment and internet connections (firewalls, internet security software, etc.)
ID and password management for important files and folders
Periodic virus definition updates and virus checks
Access control

5. Handling of Information Data

5.1. Data Transfer

We use email, FTP, large data transmission services, courier services, etc. to manage the sending and receiving.
For highly confidential data, a representative will visit the client’s site to receive the data in person.

5.2. Data Handling

Only the person in charge handles the data received and no other staff in the company does.
If printing or photocopying is required, limit the number of prints and copies to the minimum number of personnel required.
If the user wishes, we can handle highly confidential material only in-house (e.g. in the case of translation).
The purpose of translation deliverable is to deliver to the user, and will not infringe on any copyright or unauthorized use other than that of the user.

5.3. Returning, deleting and destroying of data

After the work is completed, we will return the data and materials we have received.
When erasing or destroying data: data is erased, paper media is shredded, and disks and other media are destroyed with scissors or shredded.

6. In-house training

In order to ensure compliance with information security, we provide the following training and education within the company.

Initial training
Internal Company Briefing
Explanation to subcontractors at the time of registration and commissioning

Brainwoods Corporation, Ltd.
Kazuhiro Aida, President