Governance
- Corporate
Governance - Compliance
- Risk Management
- BCP
- Information
Security - Consultation services, tax affairs,
and countermeasures against
anti-social forces
Information Security
We believe that firmly maintaining a high level of corporate ethics related to information security and protecting our clients’ information assets from every threat are important tasks for continuing to contribute to our clients’ sustainable development. We have therefore established an Information Security Policy to ensure appropriate protection of information assets.
We also understand that our important management tasks include not only ensuring that we do not take our trade secrets and personal information out of our offices inappropriately but also not collecting or utilizing information illegally in driving our business or supporting client companies.We therefore request each employee to pledge not to, and we instruct them not to, bring in important information such as trade secrets and personal information from other companies, excluding information obtained legally from clients and partner companies in the process of providing consulting services.
For the handling of personal information in particular, we have established a Privacy Policy.
Initiatives for ensuring information security
We take the following initiatives to ensure information security.
Security system establishment
- ・We have established an information security management system that conforms to ISO/IEC27001, an international standard for information security management systems (ISMS).
- ・We take risk-based safety measures for information systems that we manage. Above all, for information systems used to handle confidential information (including company information, client information, and personal information), we regularly make a vulnerability assessment to clarify their inherent risks and take action including system repair, thus keeping them robust.
- ・For PCs that we use for business, we restrict the use of external storage media, prohibit access to websites not needed for work, and take other steps to prevent leaks of confidential information and other incidents.
Thorough education and dissemination
- ・In each project team that provides consulting services to our clients, we assign an information security manager, who guides and supervises all members so that they will observe laws, regulations, and rules related to information security.
- ・We provide all employees with information security training when they join us and at least twice each year, thus informing them thoroughly of regulations and other rules that our employees should observe.
- ・We issue a security report every month and deliver it to each employee to raise their awareness of information security and provide them with relevant knowledge.
