1. Purpose and Scope
Y Soft Corporation is committed to protecting its information assets against all threats—whether internal or external, deliberate, or accidental—to ensure the preservation of confidentiality, integrity, and availability of information.
This Information Security Policy applies to:
-
All employees, contractors, and relevant third parties,
-
All information processed, stored, or transmitted by Y Soft Corporation,
-
All business activities, products, and services, with a particular focus on cloud‑based solutions.
The policy establishes the foundation for Y Soft's Information Security Management System (ISMS) and supports the achievement of the company’s strategic, business, and customer objectives.
2. Management Commitment
Y Soft Corporation’s top management fully supports information security and is committed to:
-
Establishing, implementing, maintaining, and continually improving the ISMS in accordance with ISO/IEC 27001,
-
Reinforcing information security objectives in alignment with business goals,
-
Providing the necessary resources to drive effective information security management.
Information security is recognized as a shared responsibility across the organization, requiring active involvement from management and employees.
3. Information Security Objectives
Y Soft Corporation defines and regularly reviews information security objectives that:
-
Support business continuity and service reliability,
-
Reduce the likelihood and impact of information security incidents,
-
Protect customer and partner information,
-
Ensure compliance with applicable legal, regulatory, and contractual requirements.
The framework for setting and evaluating these objectives is defined within the ISMS.
4. Risk‑Based Approach
Information security at Y Soft Corporation is managed through a systematic, risk-based approach. Information security risks are:
-
Identified, analyzed, and evaluated based on potential impact and likelihood,
-
Treated through appropriate technical and organizational controls,
-
Reviewed regularly to reflect changes in business, technology, or threat landscape.
Risk management is an essential tool for preventing disruptions, data loss, and security incidents.
5. Compliance and Legal Requirements
Y Soft Corporation is committed to complying with all applicable:
-
Legal and regulatory requirements (including data protection and privacy laws),
-
Contractual obligations,
-
Recognized information security standards and codes of practice.
Compliance is monitored as part of the ISMS and supported through policies, controls, and awareness activities.
6. Roles and Responsibilities
Clear roles and responsibilities for information security are established within the organization:
-
Overall governance and accountability for information security are assigned by top management
-
Security roles may be performed by internal employees or qualified external service providers
-
All employees are required to act in accordance with this policy and supplementary security rules
Competence and awareness of individuals with security‑related responsibilities are maintained and regularly developed.
7. Awareness and Continuous Improvement
Y Soft Corporation promotes information security awareness across the organization through regular communication, training, and education.
The ISMS is subject to:
-
Continuous monitoring and measurement
-
Internal and management reviews
-
Corrective and improvement actions to enhance effectiveness and resilience
8. Policy Review and Communication
This Information Security Policy is:
-
Approved by top management
-
Communicated to all employees and made available to relevant interested parties
-
Reviewed at planned intervals and upon significant organizational or environmental changes to ensure its continued suitability
Last updated: May, 2026
