Information Security Policy (ISMS Basic Policy)
Informetis Co., Ltd. (“We”) recognizes that appropriate management of information is an important management issue, and so establishes “Information Security Policy” as our policy on handling information security, and complies with it. The policy covers information that we have obtained and learned from our corporate activities, as well as all information held by us.
- Establishment of Information Security Management Organization
We establishes Information Security Committee to construct a system that can promptly implement information security measures. We also appoint the chairman of Information Security Committee as “Information Security Management Officer” to execute appropriate management activities.
- Establishment of Internal Regulations
We establishes internal regulations on information security, and communicate the specific policies and rules across us to protect and manage the information assets appropriately.
- Execution of Audit
We conducts audit as necessary on the status of compliance with laws, internal regulations, rules, etc., on information security, to verify status of their effective performance.
- Implementation of Information Security Measures
We implements security measures from the perspective of organizational, physical, technical and human safety management, and strives to prevent accidents related to information assets, such as unauthorized access, destruction, information leakage, tampering, etc.
- Risk Assessment
We conducts risk assessments, takes appropriate risk measures for information assets that based on the characteristics of the business.
- Provision of Information Security Education
We continuously provides education and training to all employees to implement appropriate management of information assets.
- Business Continuity Management
We ensures business continuity and minimizes business interruption due to disasters and failures.
- Management of Subcontractors
We regularly evaluates and reviews aforementioned efforts to implement continuous improvement to the information security management.
- Establishment of Personal Information Protection Management System and Continuous Improvement Thereof
We develops regulations and systems for handling personal information, establishes and implements personal information protection management system, and continuously applies improvements on them.
Date of enactment: June 1, 2015
Date of reviced Dec 20, 2018Informetis Co., Ltd.
Chief Executive Officer