Information Security
Our Commitment to Security
Information Security Policy
As a company that provides SaaS platforms in the information security domain, Pentacon Research, Inc. considers the protection of information assets entrusted to us by our customers as a top management priority.
We have established and operate an Information Security Management System (ISMS) based on ISO/IEC 27001 to appropriately maintain the confidentiality, integrity, and availability of information, and we are committed to continuous improvement.
We comply with applicable laws, regulations, and contractual obligations so that our customers can use our services with confidence.
We systematically identify and assess information security risks, and implement appropriate controls commensurate with the level of risk.
We regularly evaluate the effectiveness of our ISMS and pursue continuous improvement.
We secure the resources necessary to realize this policy and work company-wide to enhance information security.
Pentacon Research, Inc.
CEO Kazuya Hiradate
Certifications & Compliance
ISO/IEC 27001:2022
We are advancing preparations to obtain ISO/IEC 27001:2022 certification, the international standard for Information Security Management Systems (ISMS).
Data Protection Laws
We comply with applicable laws and regulations, including Japan's Act on the Protection of Personal Information, and handle our customers' personal data appropriately.
Security Initiatives
Encryption
All communications are encrypted with TLS/SSL, and stored data is protected with appropriate encryption measures.
Access Control
We implement multi-factor authentication (MFA), access privilege management based on the principle of least privilege, and data isolation at the contract level.
Vulnerability Management
We manage vulnerabilities through regular security audits of dependencies, deployment of a Web Application Firewall (WAF), and adherence to secure coding practices.
Incident Response
We have established procedures for detecting and responding to security incidents, and we are committed to rapid containment, recovery, and prevention of recurrence.
Business Continuity
By adopting a cloud-native architecture and automated backups, we ensure service availability and business continuity.
Auditing & Improvement
We conduct regular internal audits and management reviews to evaluate and improve the effectiveness of our security measures.
Cloud Security
We adopt a cloud-native architecture and do not own physical data centers. All cloud vendors we use hold internationally recognized security certifications.
| Vendor | Security Certifications |
|---|---|
| Vercel | SOC 2 Type II |
| Supabase | SOC 2 Type II |
| Cloudflare | ISO 27001, SOC 2 Type II |
| Microsoft | ISO 27001, SOC 2 Type II |
| Stripe | SOC 2 Type II, PCI DSS Level 1 |
Contact Us
For questions or inquiries regarding information security, please contact us at the address below.