HomeSecurity

Security Policy

Security of YarakuZen

In YarakuZen, we build our information management system and available services with great care to ensure your business runs smoother.

Security Features

  • Compartmentalized Management of Data and Application
  • Data Encryption
  • Regular Data Backups
  • 24/7 System Monitoring
  • Vulnerability · Hacking Countermeasures
  • SSO (Single sign-on)
  • Private Cloud installation

Compliance Programs

YarakuZen is compliant with international standards

ISMS (ISO/IEC 27001:2013) Certification

Yaraku Inc. has been certified to the international information security management system (ISMS) standards (ISO/IEC 27001:2013 and JIS Q 27001:2014) as of December 22, 2022.

Summary of Certification and Registration
Registered Organization: Yaraku Inc.
Scope of certification registration: Planning and development of multilingual communication tools and provision of related services
Certification Standard: ISO/IEC 27001:2013
Certificate Number: IS778669
Certification Registration Date: December 22, 2022

Data Management of YarakuZen

Data stored in YarakuZen is managed to ensure that your privacy is protected.

Database

In YarakuZen, translation data is managed individually for each user. Third parties are not able to access or change the database. Within Yaraku Inc, only authorized employees can access the database and will do so only for system maintenance and troubleshooting purposes.

Data will not be disclosed except for certain circumstances, such as when approved by customers, or when required to do so by law.

Data in the database is always backed up. In the unlikely event that data is lost due to human error, data in the system can be restored from any of the past 14 days worth of backups.

Encryption

In YarakuZen, all communications and sent data is encrypted with SSL※. As such, third parties cannot read or modify the contents. Also, highly confidential data such as passwords are encrypted in the database.

※ SSL is an abbreviation of Secure Socket Layer, which is a mechanism widely used in Web pages and online payment transactions to encrypt communication contents and prevent illegal viewing and tampering. To prevent data theft and tampering, all data communication is encrypted.

Vulnerability · Hacking Countermeasures

In order to protect valuable customer’s data, various vulnerability and hacking countermeasures are taken.

Vulnerability Testing

Vulnerability testing is conducted regularly to ensure that the system is safe. System monitoring is always active (24/7), to track system resources (disk usage status, memory) for any abnormalities.

Hacking Countermeasures

Our system firewall protects against unauthorized access attempts and other security problems.

YarakuZen takes various measures to guard against hacking risks such as SQL injection, cross site scripting, OS command injection, HTTP header injection, deficiency of the session management, etc against the server and the database.

YarakuZen Infrastructure

YarakuZen is hosted in AWS infrastructure that meets stringent security requirements.

Data Center

YarakuZen is working with Amazon Web Services(AWS) data center. AWS data centers are equipped with independent power supply, air conditioning and network operation. In the event of failure, servers will switch over to another data center automatically.

Each AWS data center has its own site security, disaster prevention measures, and risk management. For more information on Amazon Web Services, please refer to the AWS Security Center and the AWS Data Center Controls page.

Options · Integrations

Various options are available for easy and safe adoption of YarakuZen.

Security Options

  • SSO: SAML(Security Assertion Markup Language)-based authentication for single sign-on is available. Authentication with Microsoft ADFS or Google G Suite is also available.
  • IP Address Restriction: Restrict access to YarakuZen by IP address.
  • Password Strength Settings: Options to schedule periodic changes of passwords, set minimum character length of passwords, require combinations of upper- and lower-case or numerals and other such password rules.
  • Automatic Document Deletion: Set all documents to delete after a specified period for added security when working with confidential translation documents.
  • Server Options: Depending on the customer’s security requirements, we can install a dedicated server in private cloud (VPC). For more details, please contact us from our Inquiry page.

Integration & Partners

Sony Network Communications will utilize the technical expertise and know-how they have cultivated as an Internet service provider to provide support for comprehensive and secure integration of YarakuZen.

With various security measures, provided integration services such as server setup, maintenance, and operation services are tailored to meet customer’s various requirements. For more details, please visit the Sony Network Communications YarakuZen integration support page.

Information Security Policy

Basic Philosophy

Yaraku Co., Ltd. (hereinafter referred to as “the company”) conducts business based on the philosophy of “enjoying global communication”.
The Information assets handled by the company, such as customer information, are extremely important to us as the foundation of our business.
To guard against the risk of leakage, damage, loss, etc., we recognize the importance of protecting information assests and all personnel who handle information assests, including officers of the company and any personnel responsible for information protection, must comply with the following policy to maintain the confidentiality, integrity, availability, and other aspects of information security of information assets.


Basic Policy

  1. In order to protect information assets, we will formulate an information security policy and related regulations; and conduct business in accordance with this policy, as well as comply with legislaion, regulations, and other norms related to information security, as well as contractually-agreed terms with customers.
  2. We will determine the criteria for analyzing and evaluating risks such as leakage, damage, and loss of information assets, establish systematic risk assessment methods, and carry out risk assessments on a regular basis. Based on the results, we will implement necessary and appropriate security measures.
  3. We will establish an information security system centered on the officer in charge and clarify authority and responsibility for information security. In addition, all employees will be made aware of the importance of information security with regular education, training and development provided to ensure the proper handling of information assets.
  4. We will regularly inspect and audit the status of compliance with the information security policy and the handling of information assets, and promptly take corrective action for any deficiencies that are discovered or make improvements based on the inspection.
  5. In addition to taking appropriate measures against the occurrence of information security events and incidents, we will establish response procedures and protocols in advance such that in the unlikely event that an incident occurs, the damage will be minimized and all appropriate parties are notified as we respond and take appropriate corrective action. In addition, particularly for incidents related to business or service interruption, we will ensure business continuity by establishing a management framework and periodically reviewing it.
  6. We will establish and implement an information security management system with goals to realize our basic philosophy, while continuously reviewing and improving it.

Established September 30, 2022
Yaraku Inc.
Chief Executive Officer: Sakanishi Suguru