NEI Data Security

Policies/Internal Regulations

Company-wide basic policy on personal information protection: https://ne.institute/terms_of_use

Specific internal rules for the protection of personal data:
 NEI regulates who owns the data, how it is handled, and access to personal information. The following internal policies have been developed.
– Data Classification and Handling Policy
– Information Security Policy
– Information Security – Risk Management Organizational Hierarchy
– Compliance Policy
– Clean Desk and Work Area Standards

Formulation of procedures, etc. for the purpose of protecting personal information, and dissemination of such procedures to those engaged in the handling of personal information
 NEI has informed and agreed with the following documents.
 NEI Admin Guide
 NEI Teacher’s Guide
 Employee’s consent form
 Contractor Agreement

Organization and Structure

Privacy Officer: Alexander Kamenev

Internal organization to promote personal information protection measures:
 NEI is committed to implementing internal policies that include the following.
– Cyber Security and Risk Management Organizational Hierarchy
– Information Security Policy
– Organizational Hierarchy for Information Security and Risk Management
– Data Classification and Handling Policy
– Incident Response Policy

Contact for complaints and consultation regarding personal information
 support@NE.Institute

System for responding to emergencies:
 A manager is on duty 24 hours a day, every day. Emergency procedures have been established.

Flows and procedures for responding to emergencies:
 There is a procedure for changing passwords for all systems.

Business operations

We have a clear understanding of the content of the personal information handling operations to be outsourced, and have appointed a person responsible for management. We do not re-consign or tertiary consign personal information handling operations. If we do, we will obtain the client’s consent.

Safety management

Company-wide security policies for networks, systems, media management, etc.:
 We are working to implement an internal policy that includes the following.
– Cyber Security and Risk Management Organizational Hierarchy
– Information Security Policy
– Organizational Hierarchy for Information Security and Risk Management
– Data Classification and Handling Policy
– Incident Response Policy

Personal information records and security areas and devices are managed by:
 All employees and contractors work remotely and are managed in accordance with the Bring Your Own Device policy.

Personal information handling systems, who should be authorized to access the database, and access control to the database:
 Management is based on the Data Classification and Handling Policy and the Incident Response Policy.
 Access to the database is based on the principle of need to know/least privilege.

Storage of access logs for personal information handling systems and databases:
 Access to the personal data database is made through the NEI management system, which can be accessed after providing a valid individual username/password (according to the user’s role). The data is transferred via a secure HTTPS connection (TLS 1.2).

A technical mechanism that prevents personal information from being taken outside the company without permission using portable storage media, the Internet, e-mail, etc.:
 All data is encrypted during storage and transfer using the industry standard algorithm AES256.

Measures to protect against unauthorized external access to systems that handle personal information:
 Student data is restricted to administrators and instructors. Instructors may access student data only when necessary; it is not available to them at all times. We have implemented anti-virus measures and prohibit the use of file sharing software for business purposes.

Education and Employees

Education on the protection of personal information for all employees (including contractors, part-time employees, and temporary employees): This information is contained in the following guides and consent forms.
 NEI Admin Guide
 NEI Teacher’s Guide
 Employee Consent Form
 Independent Contractor Agreement

Inspection and Audit

Inspections and audits of the operation of personal information protection measures:
 We routinely check access and strictly limit access to personal information on a ‘need to know’ basis.
 

Unauthorized access by external parties

Access to the personal data database is through the NEI management system, which can be accessed after providing a valid individual username/password (depending on the user’s role). The data is transferred via a secure HTTPS connection (TLS 1.2).

Attack on Data Transfer

Communication between the service user and the service is encrypted.

Influence of other co-users

We have implemented measures to ensure that a breach of confidentiality, availability, or integrity by one service user will not affect other users.

The data of service users is physically or logically separated for each user.

Virtualization technology

We conduct regular vulnerability assessments of the applications, platforms, servers, and storage devices used to provide our services, and implement countermeasures based on the results.

Software vulnerability countermeasures (OS and browser updates and patches) for software installed on servers and PCs used to provide services are implemented regularly and without delay.

We have implemented anti-malware measures on the servers and PCs used to provide our services.

The following access controls are implemented for personnel in charge of operations related to service provision.
 Authentication method (ID, password)
 – No shared IDs
 Granting the minimum necessary privileges to operation staff
 Maintenance (deletion of retired accounts, periodic review of accounts and access rights, etc.)

Access by the service user or the service user’s administrator is by password. No sensitive data will be stored. Access control cannot be set by the user’s administrator.

Encryption

All data is encrypted on storage and in transit using the industry standard AES256.

Decentralized management

When service user data is processed in a physically or logically distributed manner, there are mechanisms to prevent inconsistencies in the data.

End of cloud service usage

In accordance with the Terms of Use, data will be deleted at the end of the service if requested by the service user.

No storage media is used. All data storage is in the cloud.

Log acquisition

Logs pertaining to service operations are retained long enough to track and resolve technical issues. Retention period: 15 months

Data and program changes

Management processes for programmatic changes in services are in place.

We will announce the time of maintenance in advance.

Batch job

Management processes for batch processing performed by the service are in place.

Server Location

The data center for the service is located in Tokyo.

Reduced availability of services

The monitoring system for the service is provided by UptimeRobot and Datadog.

Service level

Service SLA:
https://ne.institute/terms_of_use

Acquisition of Information by Cloud Service Providers

Email addresses, location information, and SNS contact information entered by users are used to send limited information such as email newsletters from NEI.

Ada™

NEI uses a dedicated GPT model deployment hosted on the Microsoft Azure OpenAI cloud service. No personal information, contact information, or other identifying information is sent to the GPT model. The only client profile data sent to the GPT model is Interests & Occupation Keywords, for the purpose of educational content personalization. NEI performs speech-to-text transcription via the Web Speech API, using the built-in capabilities of the Google Chrome and Safari browsers. The client’s input transcription is encrypted in transit and in storage. An Enterprise Private Cloud service is available. Please inquire for a cost quotation.