Information Security Policy
1. Applicable Scope
The "information assets" covered by this policy include all information retained for business purposes, such as learned information or information obtained in the Company's corporate activities, including, but not limited to, the IT infrastructure, hardware, and software for handling such information.
The Company's officers, employees, contract employees and temporary employees (hereinafter referred to as "All Officers and Employees.") will comply with this policy.
2. Basic Stance
In compliance with laws, regulations, and other standards concerning information security, the Company shall establish an appropriate information security management system. This system will implement human, physical, technical, and accident countermeasures to prevent unauthorized access, loss, destruction, falsification, and leakage of information assets (hereinafter referred to as "Information Security Incidents").
3. Management System
The Company shall assign officers in charge of strengthening and maintaining information security throughout the company, and regularly hold information security promotion meetings attended by individual department heads. Through such approaches, the Company will accurately grasp the status of its information security and maintain a system that enables it to swiftly take the necessary measures.
4. Establishment of Regulations related to Information Security
The Company shall establish rules, standards, and guidelines based on this policy, provide clear rules regarding the overall handling of information assets, and ensure that All Officers and Employees are aware that the Company will adopt a firm stance in the event of an information security accident.
5. Realization of a System that Ensures Information Security
The Company shall build and operate a system to prevent Information Security Incidents, whether intentional or negligent.
6. Improving Information Security Literacy
The Company shall continue to provide security education and training for All Officers and Employees. in response to changes in the social environment, improve information security literacy, and ensure that appropriate management of information assets can be carried out.
7. Strengthening the Management Systems of Subcontractors
When entrusting all or part of the business related to information assets, the Company shall fully review the eligibility of the subcontractor and establish a contract to maintain a security level. In addition, in order to ensure that these security levels are properly maintained, we shall conduct periodic audits of subcontractors to maintain an appropriate management system.
8. Conducting Information Security Audits
The Company shall conduct information security audits on a regular or irregular basis to verify that this policy and its rules are being complied with and functioning effectively.