Basic Information Security Policy
- Purpose
Daiko Group shall provide intellectual services in each of its businesses, based on confidential information received from its clients. Therefore, in order for Daiko Group to continue to provide intellectual services, the confidential information entrusted to us by our clients shall be considered our most valuable information assets. This shall require the utilization of an appropriate management system to protect such information from loss, theft, unauthorized use, and any other threat in order to maintain the trust of our clients.
In addition to specific physical, environmental, and intellectual security measures, this shall also require an advanced awareness of security among our managerial staff and employees, as well as activities that emphasize the importance of security.
Our group utilizes these specific measures and an awareness of related issues when developing our business, allowing us to improve customer satisfaction by giving priority to our clients and continuing to provide services with added value.
To achieve this, we have implemented an information security management system that includes the creation of an ISMS manual with basic guidelines for information security management systems, the introduction of a management system that complies with ISMS certification standards and ISO/IEC27001:2005, and the implementation of operations, monitoring, revisions, maintenance, and continual improvements.
- Definition of Information Assets
Information assets include management information handled in the course of business activities and personal information (customer and employee information) that is determined as necessary to be protected in accordance with the Group's standards.
- Definition of Information Security
Information security refers to the assurance and maintenance of confidentiality, integrity, and availability.
(1) Confidentiality: Only authorized persons can access customer information.
(2) Integrity: Customer information is accurate, and uniform methods are used to process such information.
(3) Availability: Authorized persons can access the required customer information when needed.
- Scope of Application
The scope of application for information security management includes the following organizations, locations, businesses, and networks.
(1) Organizations: Specified in Information Security Promotion Chart
(2) Locations: Specified in "1.2 Scope (Scope of site)" in "ISMS Manual (A02)"
(3) Business: Specified in "1.2 Scope (Scope of business)" in "ISMS Manual (A02)"
- Implementation Details
(1) The basics of information security (confidentiality, integrity, and availability) shall be assured and maintained.
(2) Items stipulated in regulations and laws related to information security, the Personal Information Protection Law, shall not be violated.
(3) In order to maintain and manage information security, an Information Security Committee shall be established to make periodic revisions of the basic information security policy statement, basic policies, and information security measures.
(4) Standards for risk assessment and a risk assessment structure shall be established.
(5) Optimal information security measures shall be taken to reduce risks that have been identified through risk assessment.
(6) Training regarding information security shall be provided periodically, and within an appropriate scope, for all employees.
- Penalties
In the event that any member of said appropriate range of personnel behaves in a manner that threatens the protection of information assets entrusted to our company, including but not limited to customer information, appropriate measures shall be taken in accordance with company regulations.
- Periodic Revision
Revision of the information security management system shall be performed periodically in conjunction with changes in the operational environment.
July 1, 2020
Hideaki Hamamoto, Representative Director
Daiko CO., Ltd. (Daiko Group Holding Company)