Information Security Policy Statement
Security Policy
Established: September 1, 2010
Intent
IIJ Global Solutions Inc. (“Company”) is committed to protect information assets of both Company and its customers. Company will establish, operate, maintain and improve an effective information security management system based on this Policy to promote trust in the Company and drive sound business in a responsible manner.
1. Scope
This Policy applies to all the information assets and systems associated with Company’s operations, and all the personnel involved with the information assets and systems.
2. Supporting documents
Company’s security policy is comprised of this Policy and various security standards and procedures. All the personnel shall comply with this Policy and the standards and procedures.
3. Compliance
Company shall comply with Telecommunications Business Act, Act on the Protection of Personal Information and other laws, governmental regulations and guidelines relating to information security and, as well as contractual security requirements.
4. Organization and responsibility
Information Security Management Office shall, in accordance with this Policy, and with the participation and support of the Company’s Management, develop and implement a management structure for the construction and maintenance of an information security management system.
5. Risk management
Company shall conduct risk assessments to identify Company's information assets, risks and appropriate security measures. Based on the results of the risk assessments, Company shall implement cost-effective risk treatments to ensure confidentiality, integrity and availability of the information assets.
6. Changes in the business environment
Company shall review this Policy, the risk treatments, security standards and procedures periodically to address changes in the business environment. Company shall update them if necessary to maintain appropriate level of security.
7. Protection of personal information
Company shall establish Privacy Policy and implement proper handling and safeguarding of personal information.
8. Education and Training
All the personnel shall receive education and training to understand the mission-critical nature of information security and the proper handling of information.
9. Business continuity plans
Company shall implement business continuity plans to minimize the impact of accidental or intentional incidents to ensure its operations are continued or recovered in planned time frames.
10. Auditing
Company shall have internal and external audits periodically. Such audits provide Company with objective evaluations of its information security postures and feedbacks for continuous improvements.
Yoshinobu Inoue, Representative Director, President
IIJ Global Solutions Inc.