HENNGE
Information Security
Basic Policy

HENNGE, Inc. is a provider of cloud services, solution services and software products whose company philosophy is to make unique technologies and cutting-edge technologies accessible to our customers and change the society under the slogan of "Liberation of Technology".

HENNGE recognizes that information of our customers, vendors and all the other information we handle is one of our most important assets and believes that it is our responsibility to appropriately maintain the security of such information assets.

Based on this belief, HENNGE has devised its Information Security Basic Policy as follows, and it is our commitment that we execute it and will continue to improve and enhance our measures.

1. Definition of Information Security

Information Security shall mean to ensure and maintain the confidentiality, integrity, and usability of our information assets.

*Confidentiality shall mean that only authorized users may access to the information and the information shall never be disclosed to outside of the company.

*Integrity shall mean that the information and our information systems are accurately maintained and handling of information is always based on designated and respected procedures.

*Availability shall mean that authorized users are able to access to the information and the information systems when necessary.

2. Purpose

HENNGE shall, by appropriately handling our information assets, maintain trusts of the stakeholders, such as our customers, vendors, shareholders and employees, and fulfill our social responsibility as a company.

3. Applicable Scope of the Policy

  1. To all HENNGE organizations;
  2. To all HENNGE employees including HENNGE officers, employees, temporary workers, part-timers and interns, as well as subcontractors who work constantly in the HENNGE premises; and
  3. To all the information which is under the custody of HENNGE and related to HENNGE's business activities.

4. Goals

  1. Prevent as well as minimize occurrence of information security incidents; and
  2. In case of any information security incident, minimize the damage and maintain our business continuity.

5. Framework of Risk Management

HENNGE shall conduct its risk assessment as well as risk management based on the following framework and set the management objectives as well as measures;

  1. Identification and Classification of Information Assets
    Accurately identify and classify the priorities of our information assets at HENNGE;
  2. Risk Assessment
    Establish criteria for risk assessment and apply them;
  3. Risk Management
    Take operational, physical, and technical measures to manage risks.

6. Other Information Security Principles

  1. Fulfilling the Information Security-related Obligations
    Fulfill obligations set by relevant laws and ordinances (including but not limited to those which are set forth in the Information Security Management Rules, such as (1) Unfair Competition Prevention Act, (2) Act on the Prohibition of Unauthorized Computer Access, (3) Copyright Law, and (4) Personal Information Protection Law) as well as regulations, company internal rules and contractual obligations relating to information security.
  2. Implementation of Education and Awareness Programs
    Implement education and awareness programs on information security.
  3. Administration of Business Continuity
    Take measures against interruptions of business activities due to major failure of information systems and/or natural disasters, protect important operational processes, and ensure recovery of business activities and important business processes.
  4. Penalties against Violations
    Apply penalties against violations of our Information Security Policy.

7. Responsibility related to Information Security Management

General as well as specific responsibility lies with the HENNGE management team including directing the necessary measures as well as making announcements and reporting to outside of the company in the event of any information security incident at HENNGE.

8. Document on the Company Information Security Management System

HENNGE shall create a document on its information security management system so that information security shall be appropriately managed and maintained. Also, in order to put this Policy into practice, we will utilize the document.

9. Approval and Reviews of the Policy

This Policy is approved and shall be periodically reviewed by the HENNGE board of directors.

Revision History
Revised on February 1, 2019
Revised on October 1, 2016.
Revised on August 22, 2013
Revised on September 19, 2007
Enacted on January 17, 2007