Security Policy

Organizational Security Management Measures

We have appointed a person responsible for the handling of personal information, clarified the scope of employees who handle personal information and the personal information they manage, and established a reporting and communication system to the responsible person in the event that any facts or signs of violations of the Personal Information Protection Act or internal personal information handling regulations are identified.

Establishment of Organizational Structure
To ensure the secure management of personal information, we have appointed a Chief Privacy Officer (CPO), an audit manager, and various operational managers, clearly defining their responsibilities and roles.
Development and Operation of Compliance Programs (Personal Information Protection Regulations)
We have established a compliance program as a code of conduct for personal information protection (including provisions based on the determination that Japan ensures an adequate level of protection for personal information under the GDPR). We conduct regular education and training for all individuals engaged in uSonar's business operations to ensure thorough awareness and promote a culture of compliance.
Means to Monitor the Handling Status of Entrusted Data
We have built a system to visualize the handling status by utilizing an entrusted media management ledger. Furthermore, when receiving data, we issue a "Customer Information Custody and Return Receipt," store the data on servers with restricted access, and manage physical media under lock and key.
Evaluation, Review, and Improvement (Establishment and Operation of the Security Center)
We have assigned personnel responsible for personal information and, through our Security Center (chaired by Representative Director Nami Fukutomi), we continuously evaluate, review, and implement improvements.
Response to Accidents or Violations
In the unlikely event that an accident or violation is discovered, we have established a workflow for the Security Center to conduct fact-finding investigations, determine root causes, identify the scope of impact, consider and implement recurrence prevention measures, and take appropriate actions.

Human Security Management Measures

We conduct regular training for employees regarding considerations for handling personal information and include provisions concerning the confidentiality of personal information in our employment regulations. We implement human security management measures by requiring employees to sign non-disclosure agreements regarding designated confidential personal information and by providing ongoing education and training.

Execution of Pledges with Employees at the Time of Hiring
All employees, temporary staff, and part-time workers at uSonar are required to sign a confidentiality pledge. We also require family members to act as joint guarantors.
Execution of Contracts with External Vendors During Outsourcing
When outsourcing the handling of personal information to companies such as direct mail distributors or data entry firms, we select vendors that maintain a high level of information security and personal information protection systems. As part of our selection process, we have established internal criteria for selecting contractors, maintain investigation records, and clarify the contractor's responsibilities (and criteria for exemption) through business outsourcing agreements, which include provisions for confidentiality, sub-contracting, division of responsibility in the event of an accident, and the return or deletion of personal information upon contract termination.
Implementation of Awareness, Education, and Training on Internal Regulations for Employees
uSonar conducts personal information protection training as part of its onboarding programs for new hires, mid-career recruits, part-time staff, and advisors. For all uSonar employees, we provide ongoing updates at least once a year regarding our internal compliance program, personal information protection training manuals, and any revisions or legal updates to ensure full awareness.
Analysis of Employee Psychological Well-being
We utilize text mining to extract and analyze the psychological state of employees based on their daily reports, assessing levels of negativity and positivity.
Special Management of Temporary Staff
As temporary staff are employed by different entities, their security access levels are set lower than those of permanent employees, preventing them from accessing personal information through both physical and technical restrictions.
Fair Evaluation and Self-Reporting System
We are committed to fair evaluations and utilize systems such as self-reporting to maintain and enhance employee motivation.
Prevention of Unauthorized Customer Data Manipulation
We have established a system that prevents any single individual from extracting highly confidential personal information, requiring a minimum of two authorized personnel to perform such tasks.

Physical Security Management Measures

We implement physical security management measures, including access control for buildings and rooms, and safeguards against the theft of personal information, to prevent unauthorized access, loss, destruction, tampering, or leakage of data.

Building and Room Access Control
We have implemented an access control system across all doors using employee ID cards to manage entry and exit logs and restrict access to authorized personnel.
Prevention of Theft and Other Incidents

• Surveillance Cameras
Surveillance cameras monitor for unauthorized entry and illicit activities 24 hours a day, 365 days a year. Recorded video data is retained for a minimum of three months to maintain comprehensive security logs.

• Electronic Media Lock Management
In addition to physical locking, access to areas containing storage cabinets is restricted via an entry/exit management system.

• After-Hours and Holiday Support
We implement 24/7/365 security through a combination of building security personnel, surveillance cameras, and entry/exit monitoring equipment.

• Prohibition of Removing Equipment Such as PCs from the Office
Removing equipment such as PCs from the office is prohibited. As an exception, removal is permitted only after following the application and approval procedures designated by the CIO.

• Implementation of Personal Belongings Inspections
By conducting random inspections of personal belongings, we regularly check that unauthorized personal PCs, storage media, smartphones not previously registered, or sharp objects and dangerous items are not brought into the office.

Technical Security Management Measures

We have implemented mechanisms to protect information systems that handle personal information from unauthorized external access or malicious software.

Identification and Authentication for Data Access
For all terminals, we maintain logs in real-time detailing who performed what operations, when, and how.
Access Control

• Login Control
uSonar grants access to personal information only to specific employees with authorized privileges. Data is not duplicated, and access logs are stored and monitored. Furthermore, at uSonar, each individual sets their own password for logging into their personal terminal. Electronic documentation is managed on a shared server, with access control implemented at the folder level within the system.

• ID Management and Deletion
We immediately execute changes or deletions of privileges, including IDs and entry/exit cards, for employees who have transferred or resigned.
Software Security Measures

Malware Protection
To address both known and unknown malware, we have deployed multiple security software solutions across all terminals.

Blacklisting
Each user is granted only standard user privileges on their terminal and is restricted from installing applications. We maintain a blacklist of unauthorized software and implement controls to prevent the execution of any such software, even if it is inadvertently installed.
Data Transfer and Transmission Security
Confidential information transmitted via the uSonar network or the internet is encrypted using TLS and requires approval from a designated administrator before transmission. When files are sent via email attachments, an automatic BCC function notifies supervisors. Furthermore, designated personnel conduct periodic reviews to ensure that all transmissions are appropriate.
Implementation of VDI (Virtual Desktop Infrastructure)
By utilizing VDI, we ensure that no data remains on individual client terminals, including laptops. Consequently, there is no need to implement specific measures for data extraction via USB, Bluetooth, or other external interfaces.
Third-Party Security Audits
We conduct regular security inspections and information leakage checks. As a result, our security framework at uSonar has been evaluated as robust.

Other security measures are not disclosed for security reasons. For further details, please contact us, and we will provide an explanation as necessary.

Formulation of Personal Information Protection Policies and Establishment of Regulations for Handling Personal Information

• To ensure the appropriate handling of personal information, we have established regulations regarding compliance with relevant laws, guidelines, and the establishment of contact points for inquiries and complaints. Regarding acquisition, usage, and storage,
• We have established regulations concerning handling procedures, designated personnel, and their responsibilities for each stage, including provision, deletion, and disposal.

ISO Certification

uSonar has obtained three ISO certifications.

Information Security Management System - ISO/IEC 27001:2013
Certification Registration Number: IS 696370　　Certification Date: 2018/09/25
ISMS Cloud Security - ISO/IEC 27017:2015
Certification Registration Number: CLOUD 731975　　Certification Date: 2020/11/04
Management System for Protection of PII in Public Clouds Action as PII Processors - ISO/IEC 27018:2019
Certification Registration Number: PII 731976　　Certification Date: 2020/11/04

Partially Revised on 2021/12/15
2022/07/19 Changed company name from Landscape Co., Ltd. to uSonar Co., Ltd.