Chatwork

Safety and trust

Meets bank-level security standards

To ensure that our customers can conduct their business communications with confidence, Chatwork operates a service that pays close attention to security from various angles ranging from the construction of information management systems to security auditing.

Safety and trust

Levels of security suitable even for large enterprises and government agencies

Chatwork has concluded a business partnership with KDDI Corporation and jointly developed enhanced security and management functions that can be used even in large organizations.

These security standards and management functions are suitable for organizations of all sizes, from small to medium enterprises to large enterprises and government agencies. As of the end of , more than companies are using them.

Secure communications

Some internet services carry the risk of communications being tampered with or viewed by third parties while in transit.

All communications in Chatwork are encrypted using SSL/TLS, meaning that third parties cannot see their contents.

In addition, uploaded files are encrypted using the high-grade encryption method AES 256.

*SSL/TLS
SSL is short for Secure Socket Layer. SSL is a mechanism to encrypt the contents of communications to ensure privacy and data integrity, widely used on web pages that offer online payments and the like.
TLS is short for Transport Layer Security, and it is standardized based on the latest version of SSL.
On Chatwork, protocols that are deprecated because vulnerabilities have been discovered in them (such as SSL 2.0/3.0) cannot be used.

Strict data management

The valuable information we collect from customers is managed with an eye towards respecting customer privacy and safeguarding information.

The information can be accessed only inside our company with its strong security system, only by select personnel, and only for the purpose of system maintenance.

We will not disclose customer data except in certain specific circumstances, such as when customers consent to the disclosure or when we are required by law to disclose data.

An operational framework that complies with international security standards

ISMS

Chatwork operates in accordance with strict security standards, having obtained ISO27001 (ISMS) [*1] certification, an international standard that major security companies have registered for; ISO27017 [*2] certification, an international standard that applies to the provision and use of cloud services; and ISO27701 [*3] certification, an international standard pertaining to privacy information.

In addition, we periodically audit things such as the structure of the Chatwork program inside and outside the company to detect any security issues. We also monitor our servers on a 24-hour basis, and system personnel is immediately notified of any abnormalities that are detected.

(*1): ISO27001 (ISMS)
An international standard for adequately managing various risks related to information held by organizations to increase the value of the organization.
(*2): ISO27017
A practical international standard defining guidelines for preventive measures against various cloud-related risk factors to realize "cloud security" that will be indispensable in the age to come.
(*3): ISO27701
ISO27701 is an international standard that stipulates guidelines and requirements for protecting privacy that could be affected due to personal information processing.

*A third-party organization audits things such as the Chatwork program structure for security issues

*Certified at the Tokyo and Osaka offices

Data centers with advanced security and reliability

Chatwork makes use of Amazon Web Services (AWS) data centers. AWS is a data center service provided by Amazon that is designed, built, and operated based on the company's long experience of operating large data centers.

These data centers are certified and recognized as extremely reliable and have an excellent track record.

Distributing the risk of failure

AWS servers are deployed across different data centers with independent power, air conditioning, and networking environments.

Even if a hardware failure or network failure occurs in a specific data center, continued operation is assured because the service automatically switches to a waiting server in another data center.

A reliable backup system

Data in the database is always backed up, so data can be restored in the unlikely event that data loss occurs due to a mistake by the system administrator or the like.

Additionally, backup data is stored on the dedicated server of a system that is completely separate from the operations server.

We use Amazon S3 for storing backup data. Amazon S3 is designed to provide 99.999999999% durability of objects over a given year because it stores data redundantly across multiple facilities.

For more details about Amazon Web Services security, please visit the AWS security center.