ISMS (ISO/IEC 27001:2013) Certification

Yaraku Inc. has been certified to the international information security management system (ISMS) standards (ISO/IEC 27001:2013 and JIS Q 27001:2014) as of December 22, 2022.

Summary of Certification and Registration
Registered Organization: Yaraku Inc.
Scope of certification registration: Planning and development of multilingual communication tools and provision of related services
Certification Standard: ISO/IEC 27001:2013
Certificate Number: IS778669
Certification Registration Date: December 22, 2022

Database

In YarakuZen, translation data is managed individually for each user. Third parties are not able to access or change the database. Within Yaraku Inc, only authorized employees can access the database and will do so only for system maintenance and troubleshooting purposes.

Data will not be disclosed except for certain circumstances, such as when approved by customers, or when required to do so by law.

Data in the database is always backed up. In the unlikely event that data is lost due to human error, data in the system can be restored from any of the past 14 days worth of backups.

Encryption

In YarakuZen, all communications and sent data is encrypted with SSL※. As such, third parties cannot read or modify the contents. Also, highly confidential data such as passwords are encrypted in the database.

※ SSL is an abbreviation of Secure Socket Layer, which is a mechanism widely used in Web pages and online payment transactions to encrypt communication contents and prevent illegal viewing and tampering. To prevent data theft and tampering, all data communication is encrypted.

Vulnerability Testing

Vulnerability testing is conducted regularly to ensure that the system is safe. System monitoring is always active (24/7), to track system resources (disk usage status, memory) for any abnormalities.

Hacking Countermeasures

Our system firewall protects against unauthorized access attempts and other security problems.

YarakuZen takes various measures to guard against hacking risks such as SQL injection, cross site scripting, OS command injection, HTTP header injection, deficiency of the session management, etc against the server and the database.

Data Center

YarakuZen is working with Amazon Web Services(AWS) data center. AWS data centers are equipped with independent power supply, air conditioning and network operation. In the event of failure, servers will switch over to another data center automatically.

Each AWS data center has its own site security, disaster prevention measures, and risk management. For more information on Amazon Web Services, please refer to the AWS Security Center and the AWS Data Center Controls page.

Security Options

• SSO: SAML(Security Assertion Markup Language)-based authentication for single sign-on is available. Authentication with Microsoft ADFS or Google G Suite is also available.
• IP Address Restriction: Restrict access to YarakuZen by IP address.
• Password Strength Settings: Options to schedule periodic changes of passwords, set minimum character length of passwords, require combinations of upper- and lower-case or numerals and other such password rules.
• Automatic Document Deletion: Set all documents to delete after a specified period for added security when working with confidential translation documents.
• Server Options: Depending on the customer's security requirements, we can install a dedicated server in private cloud (VPC). For more details, please contact us from our Inquiry page.

Integration & Partners

Sony Network Communications will utilize the technical expertise and know-how they have cultivated as an Internet service provider to provide support for comprehensive and secure integration of YarakuZen.

With various security measures, provided integration services such as server setup, maintenance, and operation services are tailored to meet customer's various requirements. For more details, please visit the Sony Network Communications YarakuZen integration support page