Information Security Policy
Kinsen Co., Ltd. (henceforth referred to as “we”) creates communication of the highest quality through advertising and recognizes that it is an extremely important duty to strive for information security in order to provide a valuable service that a visitor can use with peace of mind.
With the aforementioned duty in mind, we have established a ‘Basic Information Security Policy’ (as detailed below). Management will apply this policy appropriately in order to protect information and information assets obtained in the course of our business activities from theft, unauthorized access, manipulation, deletion, release or otherwise inappropriate use.
We commit to take measures in accordance with this basic policy to establish necessary protection of all information in our possession. Further, we declare that all officers and employees, whether temporary or contracted, will engage in their duties ethically.
- Development of the information security policy.
In accordance with our administration’s expressed intentions, we will ensure that all employees are made fully aware of the requirements of the Basic Information Security Policy and that the protocols are strictly observed.
- Establishment of the information security management system.
- A general information security management representative (henceforth “the management representative”) will be appointed to take responsibility for information security. The management representative will instruct the organization, and will take responsibility for managing, constructing and administrating information security including In the event of an information security incident or accident.
- An information security committee will be established and will familiarize itself with the information security situation at all levels of the company so that it can carry out necessary measures quickly.
In light of changes in the management environment, the social environment, laws, regulations and the latest trends in risk, we will perform appropriate reviews of this basic policy and continually make improvements.
- Enforcement of information system security measures.
We will carry out risk analysis and take security measures to protect our information systems and information assets from unauthorized access, viruses, leaks and unreliability.
- Security measures concerning trust.
As for outsourced work, we plan a thorough examination of the evaluation of trust, improvements in and review of the contents of contracts from the viewpoint of protecting confidential company and personal information.
- Compliance with legal and contractual requirements.
We will develop and implement measures to comply with laws related to the security of our information, obligations regulatory or contractual, and in order to avoid violations of the requirements for security, where necessary, we will endeavour to clarify these requirements.
- Education and training on information security and its thorough implementation.
Employees will periodically be educated and trained in the importance of information security, common sense and the appropriate handling and management of information.
- Responding to security incidents.
If an incident related to information security occurs, the discoverer will immediately report the details to the management representative. The management representative will promptly report it to the persons concerned and decide what emergency measure need to be taken. We will analyze the cause of the incident and take preventive measures against recurrences.
- Business continuity management.
Where it is possible and to ensure the continuation of business we will, to the best of our ability, endeveaour to suppress the interruption of business due to accidental disaster, failure, negligence and intentional misuse of information assets.
- Measures to be taken in the event of information security policy violations.
An employee in breach of the information security policy will be the subject of penalties in accordance with the rules of employment.
- Enacted :
- February 1, 2015
Executive Director Takehiro Shimizu
IS 631932 / ISO 27001