Skip to main content

Security Measures Implemented at TimeTree

  • Updated

TimeTree has implemented the security control measures below to ensure that the information you entrust to us is handled with the utmost care.

Organizational Security Management

  • Appointed an Information Security Officer and are operating an Information Security Committee.
  • Established guidelines for information handling according to their classification and are operating according to these guidelines.
    • In particular, we have separately established internal rules for the handling of personal data, and when using service providers, we select them in advance after taking their security level into consideration.
  • Established a response flow in case of loss and other suspected information leakage problems and implemented a system to investigate, report, and respond promptly.
  • Established regulations concerning internal audits and are conducting such audits.

Human Security Management

  • Implemented information security guidance to our executives and employees to raise awareness.
  • Accounts for directors and employees are issued individually, and sharing of accounts related to personal data is prohibited.
  • When an employment relationship ends, the departing individual’s account is blocked immediately.
  • Have our executives and employees enter into a written pledge of confidentiality, with internal regulations stipulating penalties for violations.

Physical Security Management

  • Installed software equipped with antivirus functionality and a remote data-wipe function on our devices used for work.
  • Within our offices, we appropriately manage entry and exit in accordance with policies established for each area.
  • Established rules for safely disposing of and personal data, devices used for work and paper media using a shredder or external providers, etc.

Technical Security Management

  • Logical access controls for each director and employee, restricting access so that information can be accessed only within the scope necessary for business purposes and only when authentication is valid. We also conduct periodic reviews of access privileges.
  • Established guidelines for regularly inspecting our systems for vulnerabilities.
  • Encrypted communication channels over the internet.
  • We implement measures to prevent leakage when handling information in our systems, such as encrypting data at rest.
Was this article helpful?