
Basic Policy for Information Security

  1. Establishing ISMS
    Our company establishes an organization to promote ISMS in consideration of the requirements of our business partners, social demands, and our company’s business policy. We also establish ISMS by formulating information security management measures related to our company’s business.
  2. Requirements from our business partners
    To meet the expectations of our business partners, we handle information entrusted to us in accordance with established rules and procedures under the supervision of responsible personnel and in compliance with information security agreements we have with our business partners. In this way, we ensure the safe management of information and strive to continuously provide services to our business partners.
  3. Social requirements
    Our company shall comply with laws, regulations, and other norms related to information security, including the Act on the Protection of Personal Information and the Unfair Competition Prevention Act.
  4. Business requirements
    To achieve our company’s business objectives and to improve the satisfaction of our business partners, we establish an information security management policy and build an information security infrastructure.
    • a) ISMS Goals
      Our company sets ISMS goals each year, and establishes and continually improves our information security infrastructure.
    • b) Information Security Management System
      Our company has established ISMS, a management system to ensure and maintain information security. To maintain this ISMS and to manage risk, the following system shall be established.
      • ■ Establishment of ISMS Committee
        Our company establishes an ISMS Committee to deliberate on matters related to the effectiveness and adequacy of the ISMS. The Committee shall consist of the heads of the business units.
      • ■ Appointment of ISMS Committee Chairperson
        Our company appoints an ISMS Chairperson as the chief executive overseeing the ISMS.
      • ■ Clarification of authority and responsibility for information security
        Our company clarifies its authority and responsibility for information security through documented rules and regulations.
      • ■ Audit of Information Security
        Our company conducts periodic independent audits to verify compliance with the policy and specified information security control measures.
    • c) Conducting risk assessments
      To appropriately control risks to our company’s information assets, we have established clear criteria for risk evaluation and conduct systematic risk assessments. Based on the results of the assessment, we formulate appropriate information security control measures.
    • d) Implementation of information security control measures
      To protect our company’s information assets from threats such as leakage, falsification, loss, etc., we implement appropriate control measures based on the results of risk assessments.
      • ■ Physical Security Measures
        • ● Prevention of unauthorized access to facilities where information assets are used or stored or information systems are installed
        • ● Prevention of unauthorized physical access to information assets
        • ● Physical measures to prevent damage to information assets, etc.
      • ■ Personnel Security Measures
        • ● Clarification of authority and responsibility for information security measures
        • ● Providing regular education for all employees on the basic policy and information security control measures
        • ● Ensuring business unit heads are thoroughly familiar with specific information security-related procedures
      • ■ Logical Security Measures
        • ● Ensure access control to information assets
        • ● Prevention of unauthorized external access to information assets via the network
        • ● Implementation of appropriate protection measures against computer viruses and other malware
        • ● Implementation of technical measures related to network management, etc.
        • ● Implementation of operational measures related to network monitoring and confirmation of basic policy compliance, etc.
      • ■ Other Measures
        • ● Management of information security aspects of external contractors
        • ● Collaboration with external organizations
    • e) Prevention and correction of information security incidents and accidents
      In the unlikely event of an information security incident, accident, or breach, our company establishes a system to minimize damage and loss, promptly takes appropriate corrective action, and works to prevent recurrence.
    • f) Implementation of business continuity management
      Our company minimizes the impact on our information assets and manages disruptions to our business activities resulting from a significant failure or disaster. We have established a framework for business continuity management and have developed, maintained, tested, and implemented a business continuity plan.
  5. Review of the basic policy
    Our company will review its basic policy as necessary based on audit results and changes in our company’s external environment.
  6. Code of Conduct for Information Security
    Our company’s officers and employees shall comply with the following Code of Conduct.
    • a) We will understand and comply with this basic policy and act accordingly.
    • b) We understand the importance and risks of information obtained from external sources and ensure that its confidentiality is maintained.
    • c) We understand the importance and risks of internal information and prevent its leakage and loss.

 

Junichi Nojima, President and CEO