Information Security Policy

FRONTEO, Inc. has obtained ISO27001 certification, an international standard for information security management systems (ISMS).

ISO27001 Certification

Organization Name FRONTEO, Inc.
Registered Organization FRONTEO, Inc. / P.C.F. FRONTEO, Inc. FRONTEO Korea / FRONTEO Taiwan
Initial Registration Date March 24, 2009
Applicable Standards JIS Q 27001:2014 (ISO/IEC 27001:2013)
Registration Scope The following services in the legal tech AI business
 ・e-Discovery and compliance support
 ・Forensics and training services
 ・Information security assessment and consulting services
 ・Forensic tool/software sales and agency services

The following operations in the AI solution business
 ・Sales and operational support of business data analysis systems
 ・Digital curation services

Businesses related to digital marketing
 ・Healthcare services
 ・Support related to economic security

Certification Body System Certification and Registration Center, Center for Better Living
Registration Number


We have established the following information security policy and operate and maintain an information security management system based on ISO27001, and are committed to strengthening and maintaining the security of our customers' valuable information assets in a safe and secure manner.

Information Security Policy

FRONTEO, Inc. conducts operations that handle data that requires a high level of confidentiality from our clients and services that require a high level of integrity and availability. We recognize that the protection of all information assets, including confidential information entrusted to us by our customers, is an important management issue for the maintenance and expansion of our business activities.

Based on this belief, we have established the "Information Security Policy" and declare that we will implement and promote it in order to actively work on the establishment, introduction, operation, monitoring, review, maintenance, and improvement of our information security management system.

  1. We will conduct training for all employees, and recognize that it is an important social responsibility to handle information assets appropriately, and act accordingly.
  2. We will comply with the information security regulations stipulated by our company, contractual security obligations, and laws and regulations related to information security, such as the Personal Information Protection Law.
  3. We will continuously analyze and evaluate the risks of threats and vulnerabilities to our information assets, thereby realizing an appropriate management system in accordance with the purpose of use and importance of the information assets.
  4. We will implement appropriate security measures based on risk analysis and assessment in order to protect our information systems.
  5. We will strive to maintain the availability of our information systems to prevent outages of the services we provide.
  6. In the unlikely event of an information security incident, we will promptly handle the situation, prevent the spread of damage, and work to prevent recurrence.
  7. We will ensure business continuity by minimizing business interruption due to serious information system failures or disasters as much as possible.
  8. We will strictly deal with any of our employees who violate the Information Security Policy and related regulations in accordance with our internal rules.