ISMS basic policy

HIKESIYA Co., Ltd. (hereinafter referred to as “the Company”) makes its basic attitude to contribute to the society through development of system, mainly OSS (Operation Support System). We recognize the importance of information security, prescribe ISMS basic policy (including information security basic policy) for protecting our assets from loss, leak, illegal access etc. and work on prevention of security incident and continuous improvement of information security. 

1. Protection of assets
In order to protect all the information security including personal information handled in business, we implement proper physical management measure and technical management measure based on the result of identified and qualified threat and weakness toward confidentiality, integrity and availability, periodical risk assessment and analysis / evaluation of importance and risk of information assets.
2. Construction of information security system and organizing internal regulation
We define the role and responsibility regarding information security and establish organized system to manage / operate it.
3. Conduct education / training
We familiarize our managers and employees with ISMS documents such as ISMS basic policy and penalty application in case of violation to improve consciousness of information security. Also, in order to familiarize internal regulation, we periodically conduct education / training and work on securing human security.
4. 4. Prevention and handling of security incident
We work on preventing security incident. In case it happens, we shall promptly implement proper countermeasures including recurrence prevention measures. Also, in order to secure business continuation, we promote preparing business continuation plan and checking it in the premise of emergency including disaster.
5. Observing law / regulation and improving continuously
The Company establishes basic policies and internal regulations that comply with laws and regulations such as business site requirements, the Personal Information Protection Act, the Unfair Competition Prevention Act, and the Unauthorized Access Prohibition Act. We consider security obligation based on the contract and observe it. Also, in accordance with changes in management policies, business contents, social situations, techniques, laws and regulations, etc., we shall periodically review the basic policies and internal regulations, etc. and make continuous improvements.
Based on this basic policy, the Company will establish, implement, operate, monitor, review, maintain and improve the information security management system (ISMS).
Enacted: April 2nd, 2007
CEO Toshinori Maki