Text Annotation
Audio Annotation
Image & Video Annotation
Generative AI, LLM, RAG Data Structuring
AI Model Development
In-House Support
For the medical industry
For the automotive industry
For the IT industry
For the manufacturing industry
Table of Contents
- 1. Introduction
- 2. Factors Leading to Excessive Information Security Management Demands on Annotation Service Vendors
- 3. Trends in Information Security Requirements for Annotation Service Vendors
- 4. For Appropriate Information Security
- 5. Summary
- 6. Human Science Teacher Data Creation, LLM RAG Data Structuring Agency Service
1. Introduction
Our company has built various information security frameworks tailored to customer requirements and performed annotations accordingly; however, even for similar data, the information security management requirements vary depending on the customer. We also often receive questions such as "How strict should the security requirements be for outsourced vendors handling this kind of data?" In reality, many wonder, "To what extent should information security measures be implemented?", "Are these security demands common?", and "What are other companies doing?" Today, we will share common security requirements and trends, practical compromises, and key points for setting appropriate information security requirements for annotation service vendors.
▼Related Blog Posts
2. Factors Leading to Excessive Information Security Management Demands on Annotation Service Vendors
First of all, information security measures and management systems have no end if you keep demanding more. The more you demand, the more the availability of data is lost, and generally, costs increase at the same time. As advocated by ISMS, the international standard for information security management, it is necessary to implement balanced measures and controls for the "confidentiality," "integrity," and "availability" of data as information assets. When it comes to information security, confidentiality tends to be overly emphasized, and the more security is considered, the more confidentiality measures increase. From our experience so far, the following factors have had a significant impact, and there are many cases where excessive security requirements are demanded of annotation service vendors.
●There is a security policy within the client company, and compliance is unavoidable
This is somewhat inevitable in a way, but the tendency seems to be stronger the larger the company. Especially for large companies, they usually have a long history and have likely experienced some incidents, and furthermore, if they are publicly listed companies, they are required to have appropriate governance, so it is natural that their information security policies become stricter. However, this is just my personal impression, but in recent trends, it seems that many companies have become more flexible depending on the data they handle.
●Overestimating Risks (Risk Overvaluation)
There are many cases where clients, feeling uneasy about the annotation service vendor's information security measures and unable to take responsibility if something happens, demand strict security measures and requirements. This is especially true when dealing with a vendor for the first time, so it is natural to have significant concerns. However, leaving these concerns unaddressed makes it impossible to set appropriate security requirements for the vendor.
Next, in order to set appropriate security measures and requirements, we will share the security requirements, trends, and practical compromises based on our past experiences.
3. Trends in Information Security Requirements for Annotation Service Vendors
Security measures and requirements should originally be set based on risks such as data leakage. However, it is also true that even for data requiring similar security requirements, there are overall tendencies that vary by industry, with some being stricter than others. Using our company’s cases as an example, here we summarize what kinds of requirements are often demanded depending on the data handled, whether there are industry-specific trends, and illustrate this using "work location," which succinctly represents security requirements.
This merely represents the general trends of projects requested from our company and is not necessarily always the case. The largest volume zone is "domestic telework," followed by "offshore," and these two account for most of the work requested from us. It seems that these options are often chosen with consideration for the balance with cost.
Customers who choose the "Our Security Room" option often do so not only because of the security requirements of the data they handle but also significantly influenced by their own security policies. Although it is quite rare, some customers select the "Customer Office," which offers the highest security level; in these cases, the choice is often based not only on the security requirements of the data handled but also on factors such as the convenience for on-the-job training (OJT) and other considerations.
| Security Level | Work Location | Frequently Handled Data | General Customer Trends |
|---|---|---|---|
| Highest | Customer Office | Personal information and equivalent data, data that cannot be taken outside the company, highly confidential data including high-profile unpublished and cutting-edge development information | Major overseas IT companies, major domestic companies (medical sector) |
| High | Our secure room | Personal information and equivalent data, anonymized processed information, highly confidential data | Major overseas IT companies, major domestic companies (medical, IT, financial sectors, etc.) |
| Chinese | Domestic telework (Workers with NDA signed) | Anonymized information, data subject to export screening, and general data with relatively low confidentiality | University research institutions, major domestic companies (manufacturing), AI development vendors, etc. |
| Low | Offshore (Partner companies with NDA concluded) | Publicly available data and data equivalent to confidential | AI development vendors, domestic companies, etc. |
▼Related Blog Posts
[Spin-off] Creating an Annotation Work Environment Onsite (In Our Company's Security Room)
4. For Appropriate Information Security
As mentioned earlier, it is important to set appropriate security requirements and base them on the asset value and risks of the data handled when requesting annotation service vendors. This is also one of the fundamental concepts in information security management certification standards such as ISMS. However, when outsourcing to a vendor, the security risks involved cannot be accurately calculated or evaluated without verifying the actual security measures implemented by the vendor.
Also, simply having obtained ISMS should not lead to complacency. Management systems like ISMS are essentially frameworks that specify what rules and controls are necessary, but the content and details of those rules and controls are left to each individual company. Therefore, it is essential to verify the specific security measures and controls actually implemented from the four perspectives of technical, physical, human, and organizational aspects.
Even when requiring work in a security room, it is important to visit the vendor and personally verify what management measures are actually being implemented. This serves as an effective means to prevent the overestimation of risks stemming from anxiety.
5. Summary
So far, we have discussed the factors that lead to the overestimation of information security risks and the specific measures to address them. What is important, without a doubt, is the verification of concrete security measures and controls, and having an annotation service vendor who can flexibly respond according to the data handled and information security requirements, proposing and implementing the optimal security measures.
Additionally, information security is based on each company's own security policies and perspectives. Therefore, there is no absolute right or wrong. However, if you have been applying uniform security requirements and measures to vendors regardless of the data handled, we recommend revisiting the security risks of the data in question and reconsidering your approach.
▼Related Blog Posts
6. Human Science Teacher Data Creation, LLM RAG Data Structuring Agency Service
Over 48 million pieces of training data created
At Human Science, we are involved in AI model development projects across various industries, starting with natural language processing and extending to medical support, automotive, IT, manufacturing, and construction, just to name a few. Through direct business with many companies, including GAFAM, we have provided over 48 million pieces of high-quality training data. No matter the industry, our team of 150 annotators is prepared to accommodate various types of annotation, data labeling, and data structuring, from small-scale projects to big long-term projects.
Resource management without crowdsourcing
At Human Science, we do not use crowdsourcing. Instead, projects are handled by personnel who are contracted with us directly. Based on a solid understanding of each member's practical experience and their evaluations from previous projects, we form teams that can deliver maximum performance.
Generative AI LLM Dataset Creation and Structuring, Also Supporting "Manual Creation and Maintenance Optimized for AI"
We support not only labeling for data organization and training data creation for identification-based AI, but also the structuring of document data for generative AI and LLM RAG construction. Since our founding, manual production has been our main business and service, and we now also provide support for "organizing business knowledge and manualization toward future generative AI and RAG introduction and utilization." We offer optimal solutions leveraging our unique expertise deeply familiar with the structure of various documents.
Secure room available on-site
Within our Shinjuku office at Human Science, we have secure rooms that meet ISMS standards. Therefore, we can guarantee security, even for projects that include highly confidential data. We consider the preservation of confidentiality to be extremely important for all projects. When working remotely as well, our information security management system has received high praise from clients, because not only do we implement hardware measures, we continuously provide security training to our personnel.
In-house Support
We also provide personnel dispatch services for annotation-experienced staff and project managers who match our clients' tasks and situations. It is also possible to organize teams stationed at the client's site. Additionally, we support the training of your workers and project managers, selection of tools tailored to your situation, automation, work methods, and the construction of optimal processes to improve quality and productivity. We assist with any issues related to annotation and data labeling that our clients may face.
Return to the top of the page
+81 35-321-3111[Tokyo Headquarters] 
Contact Us
Request for Information
TOP
SITE MENU