Information Security Policy
1. Scope of Application
The "information assets" covered by this Information Security Policy (this “Policy”) include all information retained for business purposes, such as information obtained or learned through our corporate activities, including, but not limited to, the IT infrastructure, hardware, and software for handling such information.
Our officers, employees, contract employees and temporary employees (collectively, "All Officers and Employees") will comply with this Policy.
2. Basic Principles
In compliance with laws, regulations, and other standards concerning information security, we will establish an appropriate information security management system. This system will implement human, physical, technical, and accident countermeasures to prevent unauthorized access, loss, destruction, falsification, and leakage of information assets (collectively, "Information Security Incidents").
3. Management System
We will appoint an officer in charge who is responsible for strengthening and maintaining information security throughout us, and will establish a system that enables us to accurately understand the status of its information security and promptly take any necessary measures under each department’s person in charge of handling information security.
4. Establishment of Regulations
We will establish regulations based on this Policy, provide clear rules regarding the overall handling of information assets, and ensure that All Officers and Employees are aware that we will adopt a firm stance in the event of an Information Security Incident.
5. Realization of a System that Ensures Information Security
We will build and operate a system to prevent Information Security Incidents, whether intentional or negligent.
6. Improving Information Security Literacy
We will continue to provide security education and training for All Officers and Employees in response to changes in the social environment, improve information security literacy, and ensure that appropriate management of information assets can be carried out.
7. Strengthening the Management Systems of Subcontractors
When entrusting all or part of the business related to information assets, We will fully review the eligibility of the subcontractor and establish a contract to maintain a security level. In addition, in order to ensure that these security levels are properly maintained, we will conduct periodic audits of subcontractors to maintain an appropriate management system.
8. Conducting Information Security Audits
We will conduct information security audits on a regular or irregular basis to verify that this Policy and its rules are being complied with and functioning effectively.
