Basic Policy on Information Security
The corporate mission of Paccloa Co., Ltd. (hereinafter “Paccloa”) is “To create an exciting future in which your products will be naturally seen, experienced, and appreciated overseas,” and, accordingly, we believe it is important to appropriately protect all information assets and ensure that our customers can use our services with peace of mind as a company that develops overseas expansion support services and supports such business expansion.
For the purposes of this Policy, “Information Assets” refer to information and information systems, as well as anything necessary to protect and use these. Specifically, information assets includes data (paper and electronic media), hardware, software, networks, buildings, and equipment.
Based on the above philosophy, Paccloa and all employees, officers, and temporary workers of Paccloa shall comply with this Basic Policy on Information Security, strive to continuously improve the information security management system, and regularly hold Information Security Committee meetings with management members to establish and maintain the information security management system.
Establishment of Information Security Objectives
With the aim of increasing awareness and continuously improving this policy and various measures related to information security, we have set “Information Security Objectives” and exert a companywide effort to achieve these.
Response to Events that Hinder the Achievement of Information Security Objectives
In order to prevent events hindering the achievement of Paccloa’s information security objectives; such as unauthorized entry or access to our office or internal systems, or leakage, falsification, loss, destruction, or interference with information assets, we conduct relevant risk assessments in advance and implement sufficient and appropriate prevention measures including developing and maintaining an appropriate information security management system, physical measures, technical measures, operational measures, administrative and human measures, and accident response measures.
Additionally, we will endeavor to achieve early recovery and resolution of any information security breaches that may arise so as to secure high reliability and continuity of our business services.
Improving Information Security Literacy
We regularly conduct education and training on information security to improve awareness of the importance of protecting information assets, as well as our role and responsibility regarding information security.
Compliance with Relevant Laws and Regulations Regarding Information Security
We will make efforts to appropriately manage information by establishing internal rules for the management and operation of information assets in accordance with laws and regulations related to information security, and strictly deal with any violations that may arise.
Thorough Management of Subcontractors
When outsourcing work, in order to ensure the necessary level of security, we will sufficiently review suitability from a security aspect and strive to prevent information leakage from subcontractors. Additionally, in order to continue to ensure that the security level is properly maintained, we will conduct periodic audits of outsourcers, revise management systems, etc.
Development and Enhancement of A Monitoring System
We conduct self-inspections on a regular basis to verify that our information security is thorough. Additionally, as management review, we regularly review the results of the assessment and risk assessment of the appropriateness and effectiveness of the management measures adopted and the improvements implemented, and review the management system and this policy based on these.
Last updated: September 30, 2020, Version: 1.00