Security Policy

Massive Act Co., Ltd. (hereinafter referred to as “the Company”) is committed to protecting the information assets entrusted to us by our customers and business partners from threats and risks such as accidents, disasters, and crime. To fulfill the trust placed in us by our stakeholders and society, we will implement company-wide information security measures based on the following policy.

Our company, under the leadership of management and executives, systematically and continuously adheres to our Information Security Policy. We strive to appropriately manage and protect the valuable information assets of our customers and business partners, and to provide secure digital services.

Classification and Management of Data

• Information handled shall be appropriately classified based on confidentiality, integrity, and availability
• Implementation of appropriate access controls according to each classification
• Implementation of appropriate protective measures throughout the entire data lifecycle

Disclosures to Users

• Purpose of Data Collection and Scope of Use
• Technical and Organizational Measures for Data Protection
• User Rights and How to Exercise Them
• Notification Process in Case of an Incident

Technical Countermeasures

• Application of Encryption Technology
• Implementation of the Latest Security Updates
• Implementation of Access Monitoring and Log Management
• Implementation of Malware Countermeasures

Operational Management

• Conducting regular security assessments and audits
• Establishment of incident response procedures
• Establishment of backup and recovery procedures
• Development and maintenance of business continuity plans

Connection Requirements

• Verification of Compliance with Security Standards
• Vulnerability Assessment Implementation
• Verification of Patch Management Status
• Verification of Access Control Functions

Continuous Monitoring

• System Performance Monitoring
• Security Event Detection
• Early Detection and Response to Anomalies
• Periodic Evaluation and Improvement

Education and Training

• Implementation of Regular Security Education
• Conducting incident response training
• Security Awareness Enhancement Measures

Management System

• Appointment of a Security Officer
• Conducting Regular Internal Audits
• Evaluation by External Experts

• Compliance with Relevant Laws and Regulations
• Compliance with Industry Standards and Guidelines
• Thorough Implementation of Privacy Protection

In the event of any violation of laws or regulations, breach of contract, or incident related to information security, we will take appropriate measures and strive to prevent recurrence.

• Regular policy review
• Response to New Threats
• Implementation of Continuous Improvement Activities

Massive Act Co., Ltd. endorses the purpose of the “SECURITY ACTION” self-declaration system and has declared its “SECURITY ACTION” two-star status.
We will strive to maintain and enhance our security level, instill security awareness among our employees, and create an environment where our services can be used with peace of mind.