BELLSYSTEM24 Holdings, Inc. ("the Company") declares that the Company and its members, and all organizations and individuals which undertake work on the instructions of the Company and its members will adhere to the BELLSYSTEM24 Group Charter for Business Conduct when engaging in business operations, etc.
The Company will appoint a Chief Information Security Officer (CISO), determine persons responsible for training and auditing and a person in charge of managing information security in each division, and establish a system for promoting information security measures.
The Company will formulate information security documentation such as regulations, a plan, and a manual, and translate information security policy into practice.
The Company will provide effective training and guidance on areas such as information management on an ongoing basis, and will endeavor to be ever mindful of the importance of information security when undertaking work.
The Ccompany will establish information security measures and standards according to the value of information and communicate these to all bases, in order to protect against physical threats, technical threats and human threats.
If an incident or potential incident is discovered by the Company itself or is brought to the Company's attention in a report, the Company will deploy its information security system under the leadership of the CISO to respond quickly and appropriately in accordance with the prescribed procedure.
The Company will establish a system for auditing matters related to information management, existing independently from other systems, and will conduct inspections to confirm that information security safeguards are appropriate, whenever necessary. If those responsible for audits judge safeguards to be inappropriate, they will propose improvements and revisions to the rules.
In entrusting business to third party contractors, the Company will select companies which offer a level of information security management which is greater than or equal to that provided by the Company, and will articulate matters such as management criteria and accountability in a contract or other juristic act and seek to provide the highest level of management and guidance to ensure that this policy is upheld.
The Company will reduce the risk of business interruption as a result of natural disaster, equipment failure or other accident, obstruction of business, or the stealing or improper use of information to a tolerable level, and preferably to an acceptable level.
The Company will comply with laws and regulations concerning information security, relevant national guidelines and other relevant national standards, as well as contractual provisions on information security.
The Company will adhere to this Information Security Policy and aim to revise and improve measures accordingly depending on changes in the social situation.