 |
 |
|
 |
 |
 |
【Basic Policy】
Information security and the protection of personal information are of great importance in this day of age. The policy herein ensures the proper management and maintenance of all the information assets of JAL ABC and its subsidiaries (hereinafter referred as the Company). This is a basic policy to protect the information that we possess. All parties involved in activities with the Company shall recognize this policy as a common guideline and shall comply with the applicable security standards to ensure the security and thorough maintenance of this information.
1.Definition of Information Assets
Information assets refers to any and/or all information and information systems including customer information, business information, financial information, personal information and technological knowledge regardless of whether it is stored in electronic media or on paper.
2.Compliance with Rules and Regulations
The Company shall comply with all applicable laws regarding the management of information assets including the “Act for Protection of Computer Processed Personal Data” as well as all administrative guidelines. The Company shall establish and comply with all in-house policies, company regulations and guidelines.
3.Information Security Management System
In order to ensure the security of its information assets, the Company shall enforce information security standards with an in-house information security management system and continuously maintains and improves the robustness of its information security.
4.Establishment of Security Measures
The Company shall establish security measures and take preventive measures against unauthorized access to or the loss, destruction, alteration or leakage of customer information.
5.Full Participation Rule
All parties involved in activities within the faculties of the Company shall make a united effort to ensure information security and shall not disclose any information assets unless where it is legally required. This applies to all officers and employees, temporary employees, and part-time employees of the Company and to any resident staff of outside companies .
6.Implementation of Trainings and Enlightenment Activities
The Company shall promote training and enlightenment activities for all parties involved in the activities of the Company including company employees to provide them with the knowledge and insight on information management and also to educate employees with the proper management of information.
7.Communications with Subcontracting Companies
If the Company consigns the maintenance of its customer information to an external business enterprise, the Company shall select those persons with the proper experience as well as abilities and those companies who meet the appropriate personal information protection standards. The Company shall ensure confidentiality and shall ensure that the information will be managed properly when making a contract with any external company.
8.Efforts for Business Improvement
We shall regularly confirm the proper maintenance of information security and make continuous efforts for the improvement of the Company’s business.
9.Countermeasures in Case of Accident
In case of accident, we shall try to minimize damage by promptly disclosing any necessary information and take any appropriate actions including preventive measures.
10.Clarification of Customer Service Counter
The Company shall create a customer service counter to address inquiries, claims and/or requests and shall take prompt action with sincerity and professionalism.
11.Publication of Policy
The Company shall make public our policies on information security and the protection of personal information including this policy by posting them on the Company website.
