The main business of the Group is Business Process Outsourcing (BPO) and the safety of information assets and business continuity are top priorities for management. We consider the safety and security of our Clients and business partners our social responsibility, and we protect their information from various threats. This document was established with the purpose of achieving the appropriate management and security of our operations.
2. Information Security Organization
2.1 Information Security Committee
The Information Security Committee comprises the Representative Director, Chairman of the Information Security Committee and representatives of relevant departments, who meet to discuss and make decisions on information security issues.
2.2 The Information Security
The Information Security Manager and his or her division are responsible for information security.
2.3 Internal Audit
An internal audit will be completed to ensure information security is effective.
3. Information Security Policy
3.1 Need-to-Know Principle
The Information Security Division is responsible for granting access to information. Employees are only given permission to access the information they need to complete their work.
3.2 Information Asset Management
The Director of Information Security will manage information assets and security-related information in accordance with regulations imposed by the agreement and the Group.
3.3 Selection of Measures and Classification of Information Assets
The Director of Information Security will manage information assets properly, classified according to their importance.
The Director of Information Security will ensure that information assets are properly managed and monitored on an ongoing basis.
3.5 Security Incident Response
Any incident involving information security occurs will be handled appropriately, and corrective action will be taken to prevent any reoccurrence.
3.6 Business Continuity Management
There must be plans in place to ensure minimum interruption to business in the event of a disaster.
Employees and suppliers take part in regular information security education, according to their position.
3.8 Compliance with Rules and Regulations
Employees and suppliers of the Group are required to comply with rules and regulations on information security.
3.9 Conformance to legal and contractual requirements
Company employees and employees of subsidiaries or partners are required to comply with the information security requirements of an agreement.
Prestige International Inc.
CEO, Shinichi Tamagami