1. TOP
  2. Basic Information Security Policy

Basic Information
Security Policy


Basic Information Security Policy

Date of enactment April 1, 2013
Date of last revision June 25, 2014
President and CEO Kenichi Yoshikawa

Information assets (information and information systems, etc.) are the most significant assets to us as a source of profit generation in our business activities, and preventing information security incidents is a social responsibility. In order to protect our information assets from information security threats, we handle information assets accurately and safely, and achieve information security in line with our management strategy and in response to the trust of our customers.


By expressing management's intention regarding our approach to information security and by clarifying the main action guidelines based on this intention, we shall properly establish and operate an information security management system (hereinafter referred to as ISMS) in accordance with JISQ27001 (ISO/IEC27001) to ensure the confidentiality, integrity and availability of its significant information assets and continuously ensure its effectiveness.


For the operation of the ISMS, we establish an Information Security Committee with managers from each department as members, appoint an Information Security Chairperson as the person responsible for managing information security, and establish an organization for the continuation and maintenance of our ISMS.


In order to keep the risk of all significant information assets handled at an acceptable level, we have established systematic procedures and evaluation criteria for risk assessment and take appropriate risk measures based on risk assessments.


We respect and comply with contracts and legal or regulatory requirements with our customers and suppliers.


We ensure that all measures to establish information security are implemented.


We provide regular training to all employees to maintain and improve the ISMS.


In order to continuously maintain and improve our ISMS, we regularly review our basic policy, all ISMS-related rules and regulations and all activities.

The policy shall be made known to all employees and measures shall be taken to make it available to relevant external parties by posting it on our website.