Information Security Policy
1. Purpose
Micoworks, Inc. (hereinafter referred to as “we” or “our”) uses a large amount of information assets in the operation of its services and management of its employees (hereinafter referred to as “Business”), and therefore, it is essential to properly realize information security and protect information assets in order to promote business activities based on the trust of society. We recognize that it is an indispensable requirement to promote corporate activities based on the trust of society as well as a serious social responsibility. Therefore, in light of the importance of information security, we have established this Information Security Policy (hereinafter referred to as the “Policy”) and will establish, implement, maintain, and improve an information security management system to specifically implement the Policy.
2. Definition of Information Security
Information security is defined as the maintenance of confidentiality, integrity, and availability.
(1) Confidentiality
The protection of information assets from unauthorized access and leakage to unauthorized persons (unauthorized individuals, entities, or persons with access privileges). (Characteristic of not allowing information to be used or disclosed to unauthorized individuals, entities, or processes)
(2) Integrity
Information assets are protected from falsification or error and are maintained in an accurate and complete state. (Accuracy and integrity characteristics)
(3) Availability
Information assets are protected from loss, damage, or system outage, and are available when needed. (Characteristics of access and availability for use by authorized entities when they request it)
3. Scope
This Policy applies to all information assets under our control. The scope of information assets is not limited to electronic devices and electronic data, but includes all forms of information assets, including paper.
(1) Organization
Micoworks, Inc.
(2) Business
Design, development, operation, and support of cloud services for enterprises to promote communication with end users.
(3) Assets
Documents, data, information systems and networks related to the above operations and various services.
4. Implementation Items
In accordance with this policy and our information security management system, we will implement the following items (policy groups).
(1) Information Security Objectives
We will establish information security objectives that are consistent with this policy and take into account applicable information security requirements and the results of risk assessment and risk response, disseminate them to all employees, and review them from time to time in response to changes in our environment, and periodically even if there is no change.
(2) Handling of Information Assets
a) Access privileges shall be granted only to those who need them for business purposes.
b) Information assets shall be managed in accordance with legal and regulatory requirements, contractual requirements, and the provisions of our information security management system.
c) Information assets are properly classified and managed according to their importance in terms of value, confidentiality, integrity, and availability.
d) We will continuously monitor our information assets to ensure that they are properly managed.
(3) Risk Assessment
a) We conduct risk assessment and implement appropriate risk responses and control measures for information assets deemed most important based on the characteristics of our Business.
b) We analyze the causes of accidents related to information security and take measures to prevent recurrence.
(4) Business Continuity Management
We will minimize the interruption of our Business due to disasters and technical breakdowns, and ensure business continuity.
(5) Education
We will provide all employees with information security education and training.
(6) Compliance with Regulations and Procedures
We shall comply with the rules and procedures of the information security management system.
(7) Compliance with Legal, Regulatory, and Contractual Requirements
We comply with legal, regulatory, and contractual requirements related to information security.
(8) Continuous Improvement
We shall continuously improve our information security management system.
5. Responsibilities, Obligations and Penalties
The responsibility for the information security management system, including this Policy, shall be assumed by the Representative Director, and employees within the scope of application shall be obligated to comply with the established regulations and procedures. Employees who fail to comply with their obligations and commit violations will be punished in accordance with the employment regulations. Employees of subcontractors will be dealt with in accordance with individually defined contracts.
6. Periodic Review
The information security management system shall be reviewed, maintained and managed on a regular and as-needed basis.
Date of Enactment: July 1, 2019
Last Revised: July 1, 2023
Osamu Yamada, Representative Director