Fundamental policy on information security
At Strike Group Co., Ltd., we recognize the critical importance of personal information and our deep social responsibility to protect it. We are strictly committed to complying with all relevant laws, regulations, and internal policies to safeguard the collection, use, and management of all personal information entrusted to us.
Fundamental policy on personal information protection
At Strike Group Co., Ltd., we understand the importance of personal information and recognize our social responsibility to protect it. We are committed to complying with all relevant laws, regulations, and internal policies to properly acquire, use, and manage the personal information we handle.
Information security system
We have established a dedicated Security Team within our Information Systems Department, which regularly audits our security posture. Based on the audit results, the team formulates improvement measures to mitigate information security risks. Furthermore, the team is responsible for incident response, operating year-round to immediately address risks such as lost or compromised employee devices. As part of our broader security initiatives, we also undergo external risk assessments and apply the findings to strengthen our security measures.
Information security measures
Acquisition of ISO 27001 certification
In March 2024, we obtained ISO 27001 certification—the international standard for information security management systems—to provide our clients with the highest levels of assurance and trust.
Training by external experts
Additionally, comprehensive information security training is conducted quarterly for all employees by external experts, complete with verification tests to ensure high security awareness.
Simulated anti-phishing email training
To prevent virus infections and data leaks caused by malicious email attacks, we conduct targeted email security training for employees. To make the training as practical as possible, we deploy highly realistic simulated emails designed to test whether employees might inadvertently click on suspicious links. This training heavily emphasizes the incident response procedures employees must follow in the event they click a simulated phishing email link, including reporting to the Information Systems Department.
