Effective Date: 20 August 2025
AIZOTH Inc.
Rieko Kawajiri, President & CEO
AIZOTH Inc. (hereinafter, the “Company”) establishes this policy as a subordinate policy under our Information Security Policy to maintain and enhance the information security of the cloud services and related services we provide. To uphold our customers’ trust, we commit to continual improvement.
1. Information Security Requirements in Design and Implementation
We apply appropriate controls to the design and implementation of our cloud services based on customers’ security requirements and this Policy.
2. Risk Management (Including Insider Risks)
We implement appropriate controls for cloud-specific risks (including insider risks) identified through risk assessments, and we provide ongoing education and training to employees and related personnel.
3. Segregation of Cloud Environments (Multi-tenancy / Virtualization)
Using proven virtualization and isolation technologies, we provide each customer with an environment that is logically or physically segregated.
4. Access to Customer Data by Company Employees
Except to the minimum extent necessary for service delivery, incident response, and similar purposes, we will not access customer data without prior authorization.
5. Access Control
Access to the administrative console of our cloud services requires identity verification with an ID and password. We plan to introduce multi-factor authentication (MFA) in the future and will update this Policy upon its implementation.
6. Change Management and Customer Notification
We conduct change management in accordance with our policies and rules. Where an impact is anticipated, we will appropriately notify customers by means such as posting on the cloud system dashboard and sending email notifications.
7. Account and Privilege Management
Administrator accounts are registered upon service subscription and deleted upon termination. We provide functions that enable customers, under their own responsibility, to register, modify, and delete user accounts.
8. Incident Notification and Information Sharing
If we become aware of an information security incident related to our cloud services, we will promptly notify customers who may be affected. We will share information we possess to the extent necessary and cooperate in the investigation of root causes.
9. Data Protection
In accordance with the shared responsibility model, we implement protection of data at rest (e.g., encryption).
10. Compliance and Continuous Improvement
We comply with applicable laws, contracts, guidelines, and ISMS/ISO standards, and we will continuously improve this policy and its operation through regular reviews.
