Information Security Policy
IMPACTLAKE Pte. Ltd. and IMPACTLAKE Co. Ltd. (collectively, the “IMPACTLAKE,” “we,” or “our”) recognize theIMPACTLAKE Pte. Ltd. and IMPACTLAKE Co. Ltd. (collectively, “IMPACTLAKE,” “we,” or “our”) recognize the information assets handled in the design and development of software and digital solutions, and in related operations using cloud services, SaaS, source code repositories, and subcontractors, as important management resources. To meet the trust of customers, business partners, users, employees, and other interested parties, IMPACTLAKE works to ensure information security based on the following policy.
This Policy sets out the common information security principles of IMPACTLAKE. IMPACTLAKE Co. Ltd. applies this Policy within its own management responsibility and ISMS scope, and establishes, operates, and continually improves its information security management system (ISMS). The scope of any ISO/IEC 27001 certification is limited to the scope stated in the applicable certificate or audit registration scope.
- Protection of Information Assets
IMPACTLAKE implements necessary and appropriate controls to ensure the confidentiality, integrity, and availability of the information assets it handles, including customer information, personal information, contract information, business confidential information, source code, authentication credentials, logs, and business documents. - Compliance with Legal, Regulatory, and Contractual Requirements
IMPACTLAKE complies with laws, government-issued guidelines, and other standards concerning information security and personal information protection, as well as contractual requirements with customers, business partners, subcontractors, and service providers. - Information Security Governance
IMPACTLAKE defines information security responsibilities and authorities, and establishes management structures appropriate to each entity’s business, scale, and management responsibility for the handling of information assets, access rights, cloud services, SaaS, development environments, and subcontractors. - Risk Assessment and Implementation of Controls
IMPACTLAKE assesses risks to information assets by considering relevant threats and vulnerabilities, selects and implements controls according to the significance of those risks, and reviews residual risks as part of management decision-making and continual improvement. - Access Management and Protection of Credentials
IMPACTLAKE grants access to information assets only to the extent necessary for business purposes, and appropriately manages IDs, passwords, API keys, private keys, and other authentication credentials. Access rights and credentials that are no longer required are promptly reviewed or removed. - Management of Cloud Services and Subcontractors
When using cloud services, SaaS, external subcontractors, or other external services, IMPACTLAKE confirms and manages the purpose of use, information handled, access rights, contractual terms, security settings, and operational status. - Incident Response
If IMPACTLAKE identifies an information security incident or a suspected incident, it promptly confirms the facts, assesses the impact, contains the incident, notifies relevant parties as necessary, restores affected operations, and implements measures to prevent recurrence. - Education and Awareness
IMPACTLAKE provides education and awareness activities to employees and, where necessary, subcontractors regarding the appropriate handling of information assets and personal information, protection of confidential information, incident response, and other necessary information security matters. - Continual Improvement
Through internal audits, management reviews, operational reviews, and the management of incidents and improvement actions, IMPACTLAKE continually reviews and improves this Policy and its information security management structures. - Communication and Publication of this Policy
IMPACTLAKE communicates this Policy to employees and, where necessary, to business partners, subcontractors, and other interested parties, and publishes it on its website.
Established: June 11, 2025
Last revised: January 1, 2026
IMPACTLAKE Pte. Ltd.
Director: Reona Sekino
IMPACTLAKE Co. Ltd.
Representative Director: Reona Sekino
Contact regarding this Policy
Information Security Contact, IMPACTLAKE
Email: contact@impactlake.com
Contact form: https://impactlake.com/corp/jp/contact/