Basic Policy on Information Security
Nulab Inc. (hereinafter referred to as “we” or “us”) develops and sells computer-based systems, contributes to local communities, and also focuses on human resource development. The valuable information of our customers and other information assets that we handle in our business are extremely important as the foundations of our business.
We recognize the importance of protecting these information assets from risks such as leakage, damage, and loss. All employees, including executives and employees, will comply with this basic policy and practice activities to maintain information security such as the confidentiality, integrity, and availability of information assets.
- In order to protect information assets, we will create an information security policy, conduct business in accordance with it, and comply with laws, regulations and other norms related to information security, as well as contractual matters with our customers.
- We will clarify the criteria for analyzing and evaluating risks such as leakage, damage, and loss of information assets, establish systematic risk assessment methods, and carry out risk assessments on a regular basis. Based on the results, we will implement necessary and appropriate security measures.
- We will establish an information security system centered around the officer in charge and clarify authority and responsibility for information security. In addition, to ensure that all employees are aware of the importance of information security and ensure the proper handling of information assets, we will carry out regular education, training and provide opportunities for self-development.
- We will regularly inspect and audit the status of compliance with the information security policy and the handling of information assets, and promptly take corrective action for any deficiencies and items that need improvement that are discovered.
- We will take appropriate measures against the occurrence of information security events or incidents, and in the unlikely event that they do occur, we will establish response procedures in advance to minimize damage, and in the event of an emergency, we will respond promptly and take appropriate corrective action. In addition, especially for incidents related to business interruption, we will ensure the continuity of our business by establishing a management framework and conducting regular response, recovery tests, and reviews.
- We will establish an information security management system with the goal to realize our basic principles, implement them, and continuously review and improve them.
Created on September 8, 2016
CEO Masanori Hashimoto