ISMS Basic Policy

IMAGE Co., Ltd. receives customers’ information assets in various forms, and it also produces contents that can become customers’ information assets. Therefore, all employees need to be keenly aware of information security and to be able to make autonomous judgments and take actions in order to reduce the risks posed by various threats. This allows us to fulfill our legal requirements in terms of business activities and our security obligations as stipulated in contracts, and thereby respond to the trust placed in us by customers. Accordingly, regarding “information security to be a basic tenet of company operation” and viewing information security initiatives as important management strategy, IMAGE Co., Ltd. declares its intention to establish and execute the “Basic Policy of Information Security.”

1. Through establishing an information security management system and working through an information security committee and information security managers, etc., we strive to accurately gauge the operating status of our information systems and to take measures for improving information security from the viewpoints of technology and operation, and to maintain and continuously improve our ISMS (Information Security Management System).

2. Having established risk assessment standards and a risk assessment setup, we define a systematic approach to risk assessment based on these. With particular emphasis on confidentiality regarding customers’ information assets and in-company employees’ personal information, integrity regarding the know-how that is amassed in the company, and availability regarding the company’s information systems, we conduct risk assessment and clarify security requirements while distinguishing information asset threats from vulnerabilities.

3. Internal audit officers and auditors each year conduct periodic audits of compliance with the ISMS basic policy, ISMS manuals and procedures, and various standards, implementation of risk countermeasure plans, and legal compliance in each department.

4. The necessary training and education are provided for all workers to ensure that they have full knowledge and awareness of information security.

5. As well as ensuring adherence and conformance to information security legislation, standards and codes including the Personal Information Protection Law, the Act concerning the Prohibition of Unauthorized Computer Access, the Copyright Act, etc., we are committed to complying with these laws, standards and codes.