IMS Japan Society Security Policy
Enacted: June 3, 2016
In carrying out its activities and business, the IMS Japan Society (hereafter, this corporation) establishes an information security policy (hereafter, this policy) based on the purpose of its establishment, and establishes information security based on it. We will continue to strengthen it.
By correctly understanding and complying with this policy and the regulations based on this policy, our officers, employees, and employees will strive to maintain the safety of our information assets and social trust in our company.
Chairman Katsuhiko Shirai
Definition of information assets
Information assets are various information, knowledge and its expression format, media, information systems and networks that handle it, and software and hardware that make up these. Say.
Safe management of information assets
Regarding information assets, we must objectively evaluate the business importance of their confidentiality, integrity, and availability, and take safety measures according to their importance. These safety measures will be implemented from technical (or physical), human and organizational aspects as necessary. In addition, when implementing countermeasures, we will give due consideration to the balance between the magnitude of risk and the increase in costs and reduction in operational efficiency resulting from the implementation of countermeasures, and will be careful not to significantly impede the main purpose of our business.
Information security management and its system
The Board of Directors of the Corporation is the highest decision-making body for information security management and is responsible for the overall information security of the Corporation. The steering committee and secretariat will consider and implement necessary measures. The board of directors and the steering committee can appoint a security management team (or person in charge) as necessary to implement and operate information security measures.
Based on this policy, the Board of Directors establishes regulations including specific requirements for information security management regarding matters necessary for business, and the Steering Committee and Security Management Team implement security measures based on these regulations. operate. In addition, the Board of Directors shall implement the necessary budgetary measures for these operations.
Compliance with information security policies and regulations
Officers, employees, employees, and those involved in the business of this corporation must comply with this policy and various regulations and contribute to ensuring and strengthening information security of this corporation.
Conduct audits, reviews and reports
The Steering Committee shall, in principle, conduct a review of information security management and operational status every business year, and report to the Board of Directors on the status and necessary improvements.
For this report, the Steering Committee will appoint an audit committee as necessary to audit the operation status.
The Board of Directors shall approve the report and make necessary judgments on policies and regulations that need to be improved or revised.
In the event of an emergency, promptly conduct audits and investigations and report to the Board of Directors as necessary.
Thoroughly comply with laws and regulations and various social norms in carrying out the business of this corporation. In terms of information security as well, corporate regulations must not contradict laws and regulations, and in the unlikely event that a contradiction occurs, we will give priority to legal compliance and promptly correct it.