Basic Policy on Information Security

Basic Statement

With the development of information technology and the rapid shift to broadband internet access, etc., information is being actively transmitted, communicated, and shared, and the degree to which information assets are utilized has become a major determinant of an organization’s competitiveness. However, there are several issues that must be overcome to promote the active use of information assets. One of the most important issues is to ensure information security. We must be keenly aware that information assets are constantly exposed to threats such as leakage, falsification, and destruction. In order for us to actively utilize our information assets and further develop into an entity with sustainable worth for the future, it is necessary to appropriately use and protect our information assets. For this reason, we hereby establish a “Basic Policy for Information Security” and request that all employees comply with it and handle and protect information assets with a unified awareness.

Basic Security Policy

(1) Basic Policy on Information Security Management System Operation

To continuously implement and improve efforts to ensure information security, the Company shall determine external and internal issues, grasp the current status of its own organization, clarify the information security-related requirements of its stakeholders, and establish a security management system.

(2) Basic Policy on Risk Assessment and Risk Management

Persons at risk shall be identified in consideration of the importance of the information assets, the likelihood of a leak, and the control measures in place, and risks and opportunities for the information assets shall be assessed and control measures shall be implemented to reduce undesirable effects.

(3) Basic Policy on Responsibility for Management of Information Assets

A chief administrator shall be appointed to ensure the appropriate handling of all information assets of the Company. The chief administrator shall implement appropriate protection measures in accordance with the risks that the information assets may pose.

(4) Basic Policy on Disclosure of Information Outside the Scope of Application

When allowing the use of information assets outside the scope of this Basic Policy, through outsourcing, provision of information, information system leasing, etc., the security requirements shall be agreed upon by contract or other means, and the security management system of the disclosed/permitted person shall be confirmed, as necessary.

(5) Basic Policy on Implementation of Comprehensive Security Measures

Comprehensive information security measures—consisting of physical security measures, human security measures, and technical and operational security measures for communication and access control—shall be implemented for all information assets of the Company.

Personal Information Protection Policy

We hereby declare that we will comply with laws, regulations, and other rules and guidelines concerning the protection of personal information, and pledge to give the utmost consideration to the appropriate handling and protection of personal information, and will establish, implement, and maintain the following personal information protection policy.

  1. We will comply with laws, regulations, and other norms related to the protection of personal information.
  2. We will collect, use, and provide personal information appropriately, considering the nature and scale of our business.
  3. We will take appropriate preventive and corrective measures against unauthorized access to personal information, and the loss, destruction, falsification, and leakage of personal information.
  4. We will establish, implement, and continually improve internal rules for the protection of personal information.
  5. We will take a firm stand against violators of personal information protection.

Basic Policy on Handling of Specified Personal Information, etc.

We have established the following basic policy for the proper handling of personal numbers and specified personal information.

  1. We will comply with the Act on the Use, etc., of Numbers, etc., to Identify Specific Individuals in Administrative Procedures and related laws and regulations, and the “Guidelines for the Proper Handling of Specified Personal Information (Business Operator’s Edition)” established by the Specified Personal Information Protection Committee, based on our understanding of their contents.
  2. As an organizational safety control measure, we will clarify the system of responsibility.
  3. As a human safety management measure, we will submit written pledges and provide thorough training and guidance to clerical personnel.
  4. As physical safety control measures, we will establish off-limits areas and control document storage locations, etc.
  5. As technical safety control measures, we will take appropriate preventive and corrective measures against information leakage, including prevention of unauthorized access and anti-virus measures.

Basic Policy against Anti-Social Forces

We have established the following basic policy to prevent damage caused by antisocial forces.

  1. We shall take a resolute stance against antisocial forces that threaten the order and safety of society and shall sever all relationships with such forces.
  2. We shall comply with the Code of Conduct as a conscientious corporate citizen and eliminate any contact with antisocial forces.
  3. We will reject any unreasonable demands, etc., from antisocial forces.

Use of Cookies and Google Analytics

About Cookies

This website uses cookies to improve the convenience of the website. Cookies are pieces of information that are sent to the user from the server and stored in the browser. Cookies can be disabled, but this may result in some or all of the site’s functions being unavailable.

Use of Google Analytics

  1. This site uses Google Analytics to monitor usage and improve the site. Google will gather, record, and analyze the history of visits, but this does not include information differentiating individuals.
  2. This site can link Google Analytics data with personal information submitted through the contact form, but this information will not be provided or sold to third persons without permission.
  3. Please refer to Google’s website for the Google Analytics Terms of Use and Privacy Policy.
     ー Google Analytics Terms of Use https://marketingplatform.google.com/about/analytics/terms/us/
     ー Google’s Privacy Policy https://policies.google.com/privacy?hl=en
    It is possible to stop the collection of information by Google Analytics by installing the Google Analytics opt-out add-on and changing your browser’s add-on settings.
    Download page URL: https://tools.google.com/dlpage/gaoptout?hl=en

Kazuhiko Chiba
President
AP Outsourcing Ltd.