1. Scope of Application
The "information assets" covered by this Cyber Security Policy (this "Policy") include all information retained for business purposes, such as information obtained or learned through our corporate activities, including, but not limited to, the IT infrastructure, hardware, and software for handling such information.
Our officers, employees, contract employees and temporary employees (collectively, "All Officers and Employees") will comply with this Policy.
2. Basic Principles
In compliance with laws, regulations, and other standards concerning cyber security, we will establish an appropriate cyber security management system. This system will implement human, physical, technical, and accident countermeasures to prevent unauthorized access, loss, destruction, falsification, and leakage of information assets (collectively, "Cyber Security Incidents").
3. Management System
We will appoint an officer in charge who is responsible for strengthening and maintaining cyber security throughout us, and regularly hold cyber security promotion meetings with each department's person in charge of handling cyber security. Through such approaches, we will establish a system that enables us to accurately understand the status of its cyber security and promptly take any necessary measures under each department's person in charge of handling cyber security.
4. Establishment of Regulations
We will establish regulations based on this Policy, provide clear rules regarding the overall handling of information assets, and ensure that All Officers and Employees are aware that we will adopt a firm stance in the event of an Cyber Security Incident.
5. Realization of a System that Ensures Cyber Security
We will build and operate a system to prevent Cyber Security Incidents, whether intentional or negligent.
6. Improving Cyber Security Literacy
We will continue to provide security education and training for All Officers and Employees in response to changes in the social environment, improve cyber security literacy, and ensure that appropriate management of information assets can be carried out.
7. Strengthening the Management Systems of Subcontractors
When entrusting all or part of the business related to information assets, We will fully review the eligibility of the subcontractor and establish a contract to maintain a security level. In addition, in order to ensure that these security levels are properly maintained, we will conduct periodic audits of subcontractors to maintain an appropriate management system.
8. Conducting Cyber Security Audits
We will conduct cyber security audits on a regular or irregular basis to verify that this Policy and its rules are being complied with and functioning effectively.