Policy and External Certifications
2023.07.31
LINE Corporation has established as its internal policy the rigid implementation of actions to protect user information. For objective assessment of its activities, the company has acquired and maintained international certifications in information security and privacy.
ISO 27001 certification
LINE Corporation and its principal subsidiaries have acquired certifications under ISO 27001, the international standard on information security management systems (ISMS) that is most widely recognized around the world.
JIS Q 27001 (ISO/IEC 27001) is a standard designed to build a framework in which an organization is able to identify the information assets to be protected and to maintain and upgrade in a balanced manner the confidentiality, integrity and availability of each asset.
|
Certified business enterprises: |
LINE Corporation, LINE Fukuoka Corporation, LINE Marketing Partners Corporation, LINE Healthcare Corporation |
|
Certification number: |
IS 509132 |
|
Certification standard: |
JIS Q 27001:2014 (ISO/IEC 27001:2013) |
|
Scope of certification & registration |
The planning, development and management of Web Services. |
|
Date of initial certification |
January 10, 2007 |
|
Certification body: |
BSI Group Japan |
SOC2 & SOC3
LINE has obtained the assurance reports SOC (System and Organization Controls) 2 and 3 over security and privacy principles for internal controls which support the LINE messenger service. The SOC2 and SOC3 reports guarantee to users the reliability of overall internal controls such as the organization, the management system, and processes, which operate the service.
# SOC 2 and SOC 3 are assurance reports that can be obtained only through audit and verification that the business processes for the services provided and the control environment satisfy a total of 127 criteria founded on the 5 fundamental principles of (1) service security, (2) availability, (3) processing integrity, (4) confidentiality and (5) privacy and in compliance with the Trust Services Principles and Criteria defined by the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA). Even if assurance reports have been issued in the past, organizations are required to undergo thorough audit each year for updates.
The SOC 3 Report can be downloaded here.
# SOC 2 Report disclosure is restricted to a limited scope and is not disclosed openly.
PCI DSS Level 1 Certification
LINE Pay has obtained PCI DSS (Payment Card Industry Data Security Standards) certification in order to securely protect user’s credit card and transaction data.
PCI DSS is a security standard for the credit card and transaction data of credit card holders as defined by the PCI Security Standards Council, which consists of 5 global payment service providers—American Express, Discover Financial Services, JCB International, MasterCard, and VISA Inc.
PCI DSS is comprised of 12 requirements in 6 areas. To obtain PCI DSS Level 1 certification, organizations are required to meet all these requirements through on-site inspection by the QSA (Qualified Security Assessor: a certification security evaluation organization) and regular network scans.
LINE Pay has gone through a vigorous verification process to obtain PCI DSS certification, and LINE Pay has been verified as a reliable payment service which provides secure service to users.