Security

Security at Stella Maris

Security is not just a service we sell — it's the standard by which we operate. This page discloses our fundamental approach to information security, operational frameworks, data protection practices, and external commitments.

Security Action

SECURITY ACTION Two-Star Declaration

We have declared participation in the SECURITY ACTION two-star level — a self-declaration framework for information security measures promoted by Japan's Ministry of Economy, Trade and Industry (METI) and the Information-technology Promotion Agency (IPA).

Through the publication of our information security policy and the implementation of self-assessments, we continuously advance organizational information security measures. Going forward, we remain committed to practical operational improvements beyond regulatory compliance, and to maintaining an environment our clients can use with confidence.

Information Security Policy

We treat information security as a foundation of business continuity, recognizing the assurance of confidentiality, integrity, and availability as a key management priority. We view security not as a constraint but as the foundation supporting trustworthy business operations, and continuously work to establish the necessary controls, technical measures, and operational frameworks.

Data Protection

Client data is stored in cloud environments located in Japan, with operations designed to protect data both at rest and in transit. Access rights are managed based on business necessity, avoiding unnecessary privilege grants and conducting regular reviews. Rules are also established for data retention periods and disposal procedures.

Infrastructure & Operations

We select cloud infrastructure from providers with appropriate security management practices, and conduct ongoing reviews in line with operational needs. Vulnerability remediation, software and configuration updates, and change management are carried out in a planned manner that accounts for business impact.

Organizational & Personnel Controls

We believe that maintaining robust information security requires not only technical measures but also organizational and personnel-level controls. We provide ongoing security training for all personnel, maintain appropriate access controls based on job responsibilities, and conduct regular access reviews.

Incident Response

We maintain documented procedures to respond effectively in the event of an information security incident. This includes assessing the situation, confirming the scope of impact, taking corrective action, and notifying relevant stakeholders — all carried out promptly and appropriately. Procedures are also reviewed and improved as needed.

Continuous Improvement

We believe that information security measures must be continuously reviewed in response to changes in the business environment and threat landscape — not treated as a one-time effort. We regularly review our policies, rules, and operational frameworks, and make improvements as needed to advance more effective security practices.

Security inquiries

For security questions, vulnerability disclosures, or security assessments during procurement, please reach out below.