Information Security Policy
Amid the rapid advancement of Internet-based advanced Information telecommunications network society (hereinafter referred to as "IT Society"), convenience of economic society has been elevated with far more speed than we expected. On the other hand, new problems including the leakage of personal Information have surfaced, and it is demanded in all areas of the society to appropriately respond to create a robust IT Society.
In this environment, the Rakuten Group, which is providing a wide range of services from EC to financial services over the Internet, shall recognize Information Assets consisting of both various information including personal Information of its users and Information System of hardware and software is indispensable for implementing business activities of Rakuten Group as well as further strengthen all Information Security measures, through emphasizing ensuring of the Information Security by appropriate protection and management of these Information Assets, at one of the highest management issues.
Therefore, the Group shall establish Information Security Management System, in which all related persons participate, through the following items, and continues its tireless efforts to ensure Information Security.
- 1. Establishment of the Information Security Management System
- To build an Information Security Management System under a management-team initiative and strive to enhance and maintain Information Security.
- 2. Appropriate management of Information Assets
- To recognize the importance of Information Assets held and evaluate risks and properly manage these assets.
- 3. Establishing Regulations, etc. for ensuring Information Security
- To establish Regulations, etc. for ensuring Information Security, and thoroughly extend these through all related persons.
- 4. Compliance with laws and norms
- To be compliant with laws and norms related to Information Security.
- 5. Continuous improvement
- To implement audits on a regular basis and continuously improve the Information Security Management System.
Initiatives for Information Security Enhancement
1. Our effort with ISO/IEC 27001
ISO/IEC 27001 ISMS Certification is accredited to the organization that is compliant with international standard of Information Security Management System (ISMS). We aim to maintain the confidentiality, integrity and availability of information assets
by constructing, operating, and continuously improving Information Security Management System (ISMS) to manage various risks such as the loss and falsification of information assets and service outage.
After Rakuten Ichiba accredited the certificate first time in November 2006, Rakuten Group broadened the ISMS scope to the whole company in March 2007. Currently, 20 companies of Rakuten Group have accredited with ISO/IEC 27001 and giving more effort for ensuring Information Security.
- Rakuten, Inc.
- LINKSHARE JAPAN K.K.
- Target, Inc.
- Rakuten Socio business, Inc.
- Rakuten Shigoto Shoukai, Inc.
- Rakuten Auction, Inc.
- Rakuten Baseball, Inc.
- Rakuten Travel Service, Inc.
- Rakuten ANA Travel Online Co., Ltd.
- Rakuten Communications, Inc.
- Signature Japan Co., Ltd.
- Rakuten Research, Inc.
- Keiba Mall, Inc.
- Rakuten Mart, Inc.
- TicketStar Inc.
- Rakuten Coupon, Inc.
- Rakuten Insurance Planning Co., Ltd.
- Rakuten Edy, Inc.
- Rakuten Super Logistics, Inc.
- RakutenCard Co., Ltd.
2. Privacy Mark Certification
The Privacy Mark Certification is accredited businesses that have established systems for appropriately protecting personal information in accordance with the Japanese Industrial Standard "Personal information protection management systems - Requirements (JIS Q 15001)". The certified organizations are permitted to use the Privacy Mark in the connection with business activities. The following four companies in the Rakuten Group have received Privacy Mark certification.
- Rakuten Securities, Inc.
- Rakuten Communications Corp.
- O-net, Inc.
- Rakuten Research, Inc.