|
INFORMATION SECURITY POLICY
|
| |
| |
The Company aims to build strong relations of trust with all of our clients.
In order to retain these levels of trust, as well as to offer better levels of service, we are implementing safety measures throughout the Company, to protect sensitive information assets from the threats of loss, theft and improper use, etc.
For these reasons, the Company has created this “Information Security Policy” to give each employee, from top management down, a greater understanding for strengthening security, both physically and technologically, and also for carrying out duties with a greater respect for security.
Each employee, including management, will aim to protect the security of all relevant information, to comply with the requirements of this policy. Also we plan to promote, continuously improve and maintain the systems put in place, to preserve information security.
|
|
|
1. Definitions and Obligations of Information Security
|
| |
Information Security shall be defined as any information which needs its confidentiality, integrity and levels of availability to be maintained.
Additionally, all employees, including management, shall observe and follow this Information Security Policy and Information Security Manual.
|
|
|
2. Constructing an Information Security Administration System
|
| |
In order to maintain the security of the information assets in its possession, the Company will construct an Information Security Administration System.
|
|
|
3. Assignment of a “Chief Information Security Officer”
|
| |
The Company will appoint a “Chief Information Security Officer (CISO), and also establish an Information Security Committee. Each section will also appoint an Information Security Officer to enforce, maintain and promote security measures for information assets.
|
|
|
4. Maintenance of Internal Regulations Regarding Information Security
|
| |
The Company will prepare internal regulations, based on this Information Security Policy, clearly setting out the policies for information security management, to prevent loss, destruction, manipulation and leakage of any information.
|
|
|
5. Information Specifics and Security Measures
|
| |
The Company will specify confidential business information and privacy related information from among all handled information.
For this specified information, the Company will perform a risk analysis and determine the most suitable information security measures to be taken.
|
|
|
6. Implementing Security Training
|
| |
With the aim of improving understanding and technical aspects of Information Security, and to follow instructions from top management, the Company will create and operate training and education programs.
|
|
|
7. Maintaining an Auditing System
|
| |
The Company aims to maintain Information Security by regularly undertaking an audit to check compliance, and taking any correcting measures as may be deemed necessary.
|
|
|
8. Maintaining an Administration System for Outsourced Operations
|
| |
Should the Company require an outsourced company to handle any information assets, the outsourced partner’s eligibility will be examined, and the Company will require a security level at least matching that of the Company’s to be maintained. In addition, to ensure that the outsourced partner’s security levels are maintained to the required standard, the security measures in place will be routinely examined.
|
|
|
9. Compliance with Laws and Ordinances
|
| |
The management and staff of the Company shall observe all laws, ordinances, rules and regulations and follow all security obligations as set out in the contracts concluded with clients.
|
| |
| |
Yoshiaki Naoi,
President
|
| |
Sagawa Global Logistics Co., Ltd.
|
| |
August 11th, 2008
|
|
