1. Purpose
The main business of the Group is Business Process Outsourcing (BPO), and the safety of information assets and business continuity are top priorities for management. We consider the safety and security of our Clients and business partners our social responsibility, and we protect their information from various threats. This document was established with the purpose of achieving the appropriate management and security of our operations.
2. Information Security Organization
2.1 Information Security Committee
The Information Security Committee comprises the Representative Director, Chairman of the Information Security Committee and representatives of relevant departments, who meet to discuss and make decisions on information security issues.
2.2 Information Security Secretariat
The Information Security Secretariat shall be established as the secretariat for the Information Security Committee.
2.3 Internal Audit
An internal audit will be completed to ensure information security is effective.
2.4 Information Security Officer
An Information Security Officer shall be appointed within each department as the staff member responsible for information security-related matters.
2.5 Internal Audit System
In order to carry out audits to check whether or not ISMS operations are being performed in accordance with the Information Security Policy, the Information Security Committee shall appoint and instate an Internal Audit Officer. The Internal Audit Officer shall appoint and instate an Internal Auditor.
2.6 Risk Management Officer
The Information Security Committee shall appoint and instate a Risk Management Officer as a general manager responsible for risk management.
2.7 Risk Assessment Officer
The Risk Management Officer shall appoint and instate a Risk Assessment Officer as the officer responsible for risk assessment.
3. Information Security Policy
3.1 Need-to-Know Principle
The Information Security Division is responsible for granting access to information. Employees are only given permission to access the information they need to complete their work.
3.2 Information Asset Management
The Director of Information Security will manage information assets and security-related information in accordance with regulations imposed by the agreement and the Group.
3.3 Selection of Measures and Classification of Information Assets
The Director of Information Security will manage information assets properly, classified according to their importance.
3.4 Monitoring
The Director of Information Security will ensure that information assets are properly managed and monitored on an ongoing basis.
3.5 Security Incident Response
In the event of an accident related to information security, the person discovering the accident shall immediately report the details of the accident to the Information Security Officer; the causes of the accident related to information security shall then be analyzed and measures to prevent a recurrence shall be implemented as necessary.
3.6 Business Continuity Management
There must be plans in place to ensure minimum interruption to business in the event of a disaster.
3.7 Education
Employees and suppliers take part in regular information security education, according to their position.
3.8 Compliance with Rules and Regulations
Employees and suppliers of the Group are required to comply with rules and regulations on information security.
3.9 Conformance to Legal and Contractual Requirements
Company employees and employees of subsidiaries or partners are required to comply with the information security requirements of an agreement.
Prestige International Inc.
CEO, Shinichi Tamagami
October 1, 2021