Basic Policy on Information Security
Mitsui-Soko is extremely conscious of its responsibility to protect the information assets in its possession: confidential information held by the company, confidential information received from visitors, and personal information visitors. We have therefore established an information security management system that we will maintain through the implementation and ongoing improvement of the following measures.
- Establishment and Maintenance of the Information Security Management System
To ensure that the employees, directors, etc. (including temporary and part-time staff) who use our information assets understand and comply with the Basic Policy on Information Security, we have established an information security management system that we will maintain through the establishment of a strong organizational environment and the adoption of thorough risk management measures.
- Formulation of Standards for Security Measures
We will draw up a document, entitled Basic Guidelines for the Information Security System, defining the basic conditions and judgment criteria that must be followed to achieve compliance with this Basic Policy on Information Security.
- Compliance with Other Applicable Laws, etc.
We will comply with our duty of confidentiality as stipulated by applicable laws or contractual obligations, establish voluntary management standards as needed, and maintain security. We will also have companies to which we outsource work sign contracts compelling them to comply with this Basic Policy on Information Security and the Basic Guidelines for the Information Security System. In addition, we will take necessary measures to ensure the protection of personal information via separate Personal Information Protection Rules.
- Establishment of an Organizational Framework for Promoting Security
We will appoint a Chief Information Security Officer (CISO), establish an organizational framework for monitoring and managing information security, and clearly define roles and responsibilities.
- Employee Education
We will design and implement educational programs concerning information security in order to ensure that our employees are familiar with this Basic Policy on Information Security and the Basic Guidelines for the Information Security System, and to raise their level of awareness concerning information security.
April 1, 2005
MITSUI-SOKO Co., Ltd.