Company InformationCorporate Governance
Corporate Governance Information Security Policy
As a company deeply involved with the public interest and safety, we accumulate information resources with a high degree of confidentiality during the course of conducting our business activities. We shall manage our business activities on an ongoing basis in a stable manner, ensuring information resources are maintained in a safe and secure manner, and endeavor to efficiently use and manage this information appropriately in accordance with importance, while endeavoring to be worthy of the public trust placed in us.
Bearing the above in mind, we have established these fundamental policies, information handling and management policies, information system handling and management policies, as well as related policies and procedures, as our information security policies, and declare that the following actions are to be implemented and promoted:
1. During the course of conducting business and handling customer and other information resources, we shall do all in our power to maintain the security of those information resources so as not to lose, destroy, corrupt, inappropriately modify or access, misappropriate or leak information, while taking adequate precautions to avoid such risk. These measures shall have the highest priority.
Controls/Checks and Balances
2. To assure the appropriate use and safety of information resources, we shall establish an internal Information Management and Information Security Division to be staffed with responsible managers at all levels and from all divisions of the company to serve as administrators and to assure the safety and appropriate management and use of information throughout the company.
3. To maintain order and discipline on the Internet, we shall take appropriate measures to prevent inappropriate access and viruses, and otherwise endeavor to insure the safety and sound development of our systems, applications and services.
4. Company executives (and/or those in equivalent positions), employees, trial employees, outsourced staff, special employees, specially-assigned employees, dispatched employees, part-time staff and subcontracted staff (hereafter "Employees, etc.") shall receive adequate training in information security (protecting and assuring the safety and security of information). All employees handling information resources shall follow the applicable information security policies and procedures, and the duties, obligations and responsibilities outlined therein.
Respect for the Law
5. All employees shall respect, obey and follow all policies and procedures outlined in the company's information management policies, all laws and ordinances relating to information management, information management provisions in agreements with customers, all related laws, ordinances and regulations, and otherwise endeavor to protect the security of information resources entrusted to the company.
Ongoing Information Protection
6. Risks posed to information resources shall be constantly evaluated from all angles and take into consideration advances in technology, changes in the business environment and other factors. New risks shall be addressed as they occur in information security policies and procedures so as to maintain the security of information at all times.
7. To assure the highest degree of information security and that all policies and procedures in place are functioning properly, the Internal Audit Office shall be tasked with conducting periodic information management audits, and making the appropriate recommendations for improvement in information handling and management policies and procedures.
December 26, 2007
Kyosan Electric Mfg. Co., Ltd.