Basic Information Security Policy
- Purpose of information security
WHI recognizes that it is its social responsibility to secure its business activities continuously and stably. In order to protect its information assets from all threats, WHI takes the steps necessary to ensure information security, and defines the Basic Information Security Policy in order to realize this.
Employees within the scope must understand this spirit, be familiar with the Basic Information Security Policy, regulations, and procedure documents, and comply with them.
- Information security definitions
Information security refers to maintaining the Confidentiality, Integrity and Availability of information.
- Information security objectives
WHI sets the objectives of information security as ensuring the Confidentiality, Integrity and Availability of information assets; aiming to recover rapidly in order to minimize damage even if an information security accident occurs; and taking appropriate measures to prevent recurrence.
- Scope
The scope shall be the business related to the introduction, implementation, operation and maintenance services for WHI’s products and services, and shall include the information assets handled by this business.
In addition, the subject shall be all those who handle the information assets.
Subcontractors shall enter into an agreement whose contents conform to this basic policy.
- Information security organizational structure
In addition to establishing the "Information Security Committee" for the purpose of implementing information security, WHI shall appoint an information security manager as the person responsible for maintaining information security.
- Risk assessment implementation
Establishment and maintenance of WHI’s Information Security Management System (ISMS) shall be carried out while achieving consistency with the organization’s strategic risk management viewpoint.
In addition, risk assessments shall be performed for the Confidentiality, Integrity and Availability of information, and for threats and vulnerabilities, in order to reduce risks, for example by treating high risks.
- Compliance with laws, ordinances and regulations
Employees within the scope must comply with laws, ordinances and regulations related to information security.
- Education
WHI shall thoroughly make the contents of this basic policy known to employees within the scope, and continuously implement education required for maintaining information security.
- Business continuity management
WHI shall take measures to ensure the continuity of the business in order to minimize the interruption of business due to disasters or failures.
- Audits and continual improvement
In order to check that information security has been complied with, WHI shall conduct internal audits on a regular basis and as necessary.
In addition to improvements through these audits, WHI shall conduct reviews in response to environmental changes, such as changes to and new threats against the information system, and implement continuous improvement.
- Punishment
At WHI, employees who have committed an act in violation of the regulations related to information security shall be subject to disciplinary action on the basis of working rules or punishment on the basis of contract.
1 August, 2019
Works Human Intelligence Co., Ltd
Manabu Tsukamoto
Chief Information Security Officer