In order to appropriately protect and manage the information assets handled by our group and to ensure that our operations are carried out accurately and smoothly, we act in accordance with the following basic principles.
- Establishment of Information Security System
The company shall establish an information security management system and promote efforts to maintain and improve information security.
In addition, a system for periodic audits and continuous improvement of these efforts shall be established.
- Information Security Education and Training
The company shall provide education and training on a regular or as-needed basis to make employees aware of the importance of information security and to ensure that information assets are handled appropriately.
- Maintenance of Information Security Measures
The Company shall prevent external or internal leakage, theft, loss, destruction, and unauthorized entry of confidential information, whether intentional or negligent, and shall prepare for unexpected accidents and natural disasters.
- Protection of Information Assets
The company recognizes the importance of all information assets in its possession from the perspective of confidentiality, integrity, and availability, and regularly assesses risks and takes appropriate management measures according to the actual conditions of business under the information security system.
- Maintenance of Rules and Regulations Concerning Information Security
The company shall establish rules and management standards for information security, clearly indicate the handling of information assets in general within the company, and periodically review the contents of such rules and standards.
- Compliance with Laws and Regulations
The company shall comply with all laws and regulations applicable to information security.
- Response to Security Incidents and Accidents
The company shall take prompt action and procedures in the event of a security incident or accident, or in the event that there are signs of such an incident or accident.
(Scope of Application)
Applies to all company organizations, employees, and all information assets handled by the company.