Information Security Policy
Establishment of information security management system
We will strive to protect and properly manage all information assets held by Our Company and comply with all applicable information security laws and regulations. Through these efforts, we will establish an information security management system and continue to work to improve information security measures.
Appointment of information security management personnel
Our Company will deploy a “Person Responsible for Information Security Management (CISO)” to protect and properly manage its information assets. Based on the responsibility of “Person Responsible for Information Security Management (CISO)” we will actively engage in activities to accurately understand the status of information security and take necessary measures promptly.
Development of Internal Rules
Our Company has established internal rules based on its information security policy, and has established policies and rules for protecting personal information and information assets and for managing them appropriately. In addition, we will take a strict stance against information leaks.
Development and enhancement of auditing system
Our Company implements appropriate management through “Person Responsible for Information Security Management (CISO)” in order to verify that information security policies, rules, and rules are observed and functioning effectively in compliance with all laws and regulations concerning information security. In the event of a violation, we will take strict measures including legal action.
appropriate information security measures
Our Company takes security measures from the perspective of organizational, physical, technical, and human security management measures to prevent unauthorized access, information leakage, falsification, loss, destruction, and obstruction of use of information assets. We will make appropriate revisions according to technological and social needs and make continuous improvements to adapt to changes. Work in secure, high-security areas and strictly manage information sharing with stakeholders. We will take a thorough approach to managing access to data and systems by blocking access to information as needed, granting access and restricting database access.
Improving Information Security Literacy
Our Company is committed to improving the information security literacy of its employees and businesses, providing them with thorough security education and training, and ensuring that everyone involved in Our Company ‘s information assets properly manages their information assets. We will continue to provide education and training to respond to technical and social conditions.
Strengthening the management system of subcontractors
When outsourcing, Our Company thoroughly examines the eligibility of contractors and requests that they maintain a security level equal to or higher than that of Our Company. We will also continually review our subcontractors to ensure that these security levels are maintained appropriately.
scope of the security policy
Our Company handles information in accordance with the “Principle of need to know” which “Give information only to those who need it, not to those who don’t.”. The information in this Policy applies to all information that Our Company obtains and obtains in the course of business activities and to all information that Our Company holds in the course of business. It is the responsibility of Our Company ‘s “Officers and employees” and Our Company ‘s “Subcontractors and their employees” handling and managing this information, to comply with this Policy.
Design Information Incorporated is a declaration company of security action (SECURITY ACTION) promoted by the Information-Technology Promotion Agency (IPA).