Our company strives to be an organization that is trusted by our customers and various other stakeholders to properly protect the information assets that we retain in the course of business.
In order to accomplish this, we have formulated the following Information Security Policy to ensure that information security compliance is an integral part of our Code of Conduct.
By adhering to this policy and the separate Privacy Policy and maintaining a sophisticated information security management system, we will continue to provide peace of mind to our customers and the general public.
1. Assets to which the Information Security Policy applies
All types of information retained in the course of business are treated as information assets that are covered by this policy, and include customer information, personal information, and confidential information related to our corporate activities.
All Adastria officers and employees, as well as contractors and their employees, who are involved in the handling and management of relevant information assets shall adhere to the Information Security Policy.
2. Building an information security management system
The Company regularly convenes an information security committee chaired by the director in charge of information security to consider, plan, implement and continuously improve our information security policies. It also promptly enacts the measures necessary for information security management and reports to the board of directors as necessary.
3. Implementation of ongoing information security training
In order to improve the information security standards employed by all Company officers and employees who are involved with the handling of information assets, we will provide them with necessary training on an ongoing basis and strive to enhance their understanding of related laws and regulations.
4. Development of internal regulations regarding information security
We have developed internal regulations based on this policy which, along with presenting our comprehensive policy for the handling of information assets, advocates a strict stance against the leaking of information.
5. Implementation of information security audits
Our internal audit department conducts both regular and special audits to ensure adherence to information security audit items, such as laws and regulations related to information security, this policy, and the internal regulations.
6. Thorough implementation of information system security measures
We will construct an information system that incorporates security measures to prevent unauthorized access, falsification, leakage, loss, destruction, and interference with the use of information assets.
7. Enhancement of operations outsourcing management
When concluding an outsourcing contract, we will review the eligibility of the contractor and require them to uphold the same level of information security maintained by our Company.