HOME Sustainability Information Security Policy

Information Security Policy


BELLSYSTEM24, Inc. ("the Company") declares that the Company and its members, and all organizations and individuals which undertake work on the instructions of the Company and its members will adhere to the BELLSYSTEM24 Group Charter for Business Conduct when engaging in business operations, etc.

1. Internal system

The Company will appoint a Chief Information Security Officer (CISO), determine persons responsible for training and auditing and a person in charge of managing information security in each division, and establish a system for promoting information security measures.

2. Formulation and implementation of internal regulations, etc.

The Company will formulate information security documentation such as regulations, a plan, and a manual, and translate information security policy into practice.

3. Provision of education

The Company will provide effective training and guidance on areas such as information management on an ongoing basis, and will endeavor to be ever mindful of the importance of information security when undertaking work.

4. Establishment of measures and standards and sharing with all bases

The Ccompany will establish information security measures and standards according to the value of information and communicate these to all bases, in order to protect against physical threats, technical threats and human threats.

5. Quick response to threats to information security

If an incident or potential incident is discovered by the Company itself or is brought to the Company's attention in a report, the Company will deploy its information security system under the leadership of the CISO to respond quickly and appropriately in accordance with the prescribed procedure.

6. Audit system

The Company will establish a system for auditing matters related to information management, existing independently from other systems, and will conduct inspections to confirm that information security safeguards are appropriate, whenever necessary. If those responsible for audits judge safeguards to be inappropriate, they will propose improvements and revisions to the rules.

7. Comprehensive management of third-party contractors

In entrusting business to third party contractors, the Company will select companies which offer a level of information security management which is greater than or equal to that provided by the Company, and will articulate matters such as management criteria and accountability in a contract or other juristic act and seek to provide the highest level of management and guidance to ensure that this policy is upheld.

8. Business continuity management

The Company will reduce the risk of business interruption as a result of natural disaster, equipment failure or other accident, obstruction of business, or the stealing or improper use of information to a tolerable level, and preferably to an acceptable level.

9. Compliance with laws and regulations, standards and contracts

The Company will comply with laws and regulations concerning information security, relevant national guidelines and other relevant national standards, as well as contractual provisions on information security.

10. Review and continuous improvement

The Company will adhere to this Information Security Policy and aim to revise and improve measures accordingly depending on changes in the social situation.

Enacted January 01, 2005
Revised June 01, 2019

Other Group Companies