Rules for Information Security Management
Chapter 1 General
Article 1: (Purpose)
We have established rules for the protection from various threats to the information assets of customers and business partners (“Customers and others”) that ALL JAPAN RELOCATION, INC. (“Company”) handles for the purpose of business and in order to preform normal and smooth business operation of the Company.
Article 2: (Definitions)
The terms of these rules shall have the following meanings:
2.1 “All our officers and staff” includes officers, employees, part-time employees, temporary employees, and subcontractor employees.
2.2 “Information assets” includes information, information systems, and all things necessary to perform operation, management, appropriate use of these. This also includes hardware, software, network, recording media, and all the information, knowledge, know-how, etc. that were obtained during the course of business.
2.3 “Information security policy” is defined as including “Information Security Basic Policy” and rules and regulations of information security.
2.4 “Information security” means to ensure and maintain “confidentiality”, “availability” and “integrity” of information assets.
2.5 “Confidentiality” means to disclose information assets in a predetermined manner only to those who have access rights, and to protect them from those who do not have access rights.
2.6 “Availability” means to keep an information asset available to those with access rights when needed.
2.7 “Integrity” means the accurate processing and retention of information assets without tampering, etc. while maintaining consistency.
Article 3: (Scope of Rules)
This rule applies to all information assets of Customers and others and the Company which are handled in the course of business.
3.1 In the case where special operational rules are established by the contract, etc. regarding the management and handling of information assets of Customers and others, the Company shall comply with such operational rules.
3.2 This rule shall apply to all our officers and staff who use the information assets set forth in the preceding clause.
Chapter 2 Organizational Frameworks
Article 4: (Information Security Management Committee)
4.1 The Company shall establish an Information Security Management Committee within the Administration Department as a governing body for information security.
4.2 The Information Security Management Committee promotes thorough information security based on the Information Security Policy, oversees information security throughout the company, and provides criteria for matters not specified in the Information Security Policy.
4.3 The Information Security Management Committee shall perform its duties in cooperation with relevant departments of the Company as necessary.
4.4 The Information Security Management Committee shall be able to have the chairman of the committee appoint a person as Information Security Supervisor and, if necessary, have the person confirm the status of information security.
Article 5: (Duties of Information security supervisor)
5.1 The Information security supervisor shall be responsible for information security within the organization and shall take necessary measures to carry out the Information Security Policy thoroughly, such as providing necessary guidance and enlightenment activities within the organization and establishing an appropriate environment.
5.2 Information security supervisor shall always be able to grasp the status of information security within the organization, and shall be able to appoint an Information Manager, an Education and Training Supervisor, and a Personal Information Protection Auditor in order to maintain and improve the status of it.
Article 6: (Duties of the Training and Education Supervisor)
The Training and Education Supervisor shall be responsible for understanding and complying with the matters stipulated in the Information Security Policy, and for planning and managing education to ensure that all our officers and staff comply with the Information Security Policy.
Article 7: (Duties of the Personal Information Protection Auditor)
The Personal Information Protection Auditor shall be responsible for understanding and complying with the matters stipulated in the Information Security Policy as a System Auditor, and for auditing on a regular basis whether the Information Security Policy is appropriately complied with among all our officers and staff.
Chapter 3 Training and Education
Article 8: (Implementation of Training and Education)
The Training and Education Supervisor shall plan and manage training and education programs to ensure that all our officers and staff comply with the information security policies. The content and schedule of training and education programs shall be determined by the Training and Education Supervisor.
Chapter 4 Risk assessment and Audit
Article 9: (Risk assessment)
The Information Security Management Committee shall continuously conduct risk assessments of information assets from various angles, taking into account technological advances and changes in the business environment, and shall maintain and improve information security by reflecting the results of such assessments in Information Security Policy and various other policies based on it.
Article 10: (Implementation of Audit)
10.1 The System Auditor shall periodically audit the compliance status of the Information Security Policy.
10.2 The Division audited, whose compliance status of the Information Security Policy has been asked to be improved by the System Auditor, shall take the appropriate corrective actions after creating an improvement plan.
Chapter 5 Penalties
Article 11: (Punishment for Violator of Information Security Policy)
11.2 If an employee violates the Information Security Policy, he/she shall be subject to disciplinary action under the company's rules of employment. About a seconded staff, he/she shall be punished according to the secondment agreement with the company which he/she was seconded from.
11.2 When temporary employees and subcontractor’s employees violate the Information Security Policy, he/she shall be punished according to the contract between the Company and his/her dispatch company or subcontractor.
This rule shall come into force on January 1, 2020.
Please feel free to contact us
One Stop relocation service contact at your fingertips