Security Policy
Purpose
This Information Security Basic Policy (hereinafter referred to as "this Basic Policy") defines the basic policy regarding information security of the limited liability company Mohican (hereinafter referred to as "our company"). This basic policy aims to protect the information assets including the personal information of the Company and the customers and business partners entrusted to it by the Company.
We regard ensuring information security as an important management issue, and protect the information assets entrusted to us by our customers and business partners and our information assets from threats such as cyber attacks, as well as secure products and systems.・ By providing services, we will create social values such as safety, security, fairness, and efficiency, and contribute to the realization of a sustainable society in which everyone can fully demonstrate their humanity.
Basic policy
- (1) Formulation of information security policy
-
We will formulate an information security policy in accordance with the statement of intention of our management and make it known to all employees. In addition, all employees will comply with this information security policy and implement information security measures.
- (2) Establishment of information security management system
-
We will respect the rights of individuals regarding personal information, and if the person requests disclosure, correction, or deletion of their personal information, we will respond to it within a reasonable period of time and within a reasonable range. increase.
We will appoint an information security manager (hereinafter referred to as "manager") who has overall responsibility for information security. The person in charge of management is responsible for instructing and managing the organization regarding the construction and operation of information security, including dealing with incidents and accidents related to information security.
- (3) Review
-
We will review this basic policy as appropriate and make continuous improvements in light of changes in the business environment, changes in the social environment and laws and regulations, the latest trends in information-related technologies, and newly discovered risks. ..
- (4) Implementation of information system security measures
-
In order to protect our information system assets, we will carry out risk analysis and implement security measures for information systems such as unauthorized access measures, virus measures, leakage measures, and reliability measures.
- (5) Security measures for outsourcing
-
Regarding the outsourcing of our business, from the viewpoint of protecting confidential company information and personal information, we will examine the eligibility of the outsourcer, review the contents of the contract, and improve it.
- (6) Compliance with legal and contractual requirements
-
In order to avoid violations of laws, regulations or contractual obligations related to our information security, and security requirements, we clarify these requirements and formulate and implement measures to comply with them. increase.
- (7) Education / training and dissemination / thoroughness regarding information security
-
We will provide regular education and training on information security to all employees to make them aware of the importance of information security, proper handling and management.
- (8) Response to information security accidents
-
In the event of an information security-related accident, the discoverer will promptly report the details to the manager, and the manager will immediately report to the relevant parties and take emergency measures as necessary. I will do it. For these information security accidents, we will analyze the cause of the accident and take measures to prevent recurrence.
- (9) Business continuity management
-
We will ensure business continuity by minimizing business interruptions due to accidental disasters, breakdowns, negligence, and intentional misuse of information assets.
- (10) Measures against information security policy violations
-
If our employees violate our information security policy, we will be subject to disciplinary action.