ITOCHU Techno-Solutions Corporation and its group companies (the "CTC Group") are dedicated to establishing and enforcing information management based on the CTC Group's Codes of Conduct. Recognizing information protection as one of its corporate responsibilities, the CTC Group acknowledges that it has the critical social obligation to handle information and practice security management properly. To fulfill this obligation, the CTC Group defines its basic policy on information security, and all officers and employees comply with this policy to ensure the appropriate handling, management, protection and maintenance of information.
1. Management and protection of information assets
We take the necessary steps to manage and protect information assets, assessing and classifying all such important assets (including personal information) owned by the CTC Group in terms of confidentiality, integrity and availability, and clarifying the information security risks associated with information assets. If any entity outside the scope of the policy deals with the information assets as a result of subcontracting to a party outside the CTC Group, leasing of any information system or other reason, that entity is required to practice appropriate management of information assets.
2. Cyber security measures
We take measures against any risks of cyber security and contribute to implement the safety of the society as well as the one of the CTC Group.
3. Information Security and Personal Information Protection Management System
The CTC Group has established a management system for information security and personal information protection. The Group keeps all officers and employees informed of this program, which it reviews regularly, making ongoing improvements.
4. Information security training
All officers and employees are kept fully aware of the importance of information security and are familiar with the detailed compliance rules for information security at the CTC Group. To maintain and upgrade the Group's information security management system, we provide regular training on information security to all officers and employees.
5. Preventing and acting upon incidents impacting information security
The CTC Group is committed to preventing criminal or accidental incidents involving information security, whether they arise from deliberate acts, operational errors, the negligence of officers and employees authorized to use information assets or from the actions of third parties. Should such incidents occur, the CTC Group is equipped to respond rapidly and manage such incidents appropriately.
6. Observation of laws and regulations
All officers and employees of the CTC Group observe laws, regulations and industrial guidelines in the course of their work, in compliance with information-security-related rules.
First edition: June 16, 2005 Revised: July 1, 2017 Satoshi Kikuchi President and Chief Executive Officer ITOCHU Techno-Solutions Corporation
Personal Information Protection Policy
The CTC Group recognizes the protection of personal information as a matter of the highest priority and therefore ensures the appropriate handling, management and maintenance of this information. We recognize the protection of personal information as part of our corporate activities, and realize that the appropriate handling and safe management of personal information are an important social responsibility of the CTC Group. To fulfill this responsibility, the CTC Group has established a Policy on Personal Information Protection. In line with this policy, all officers and employees throughout the CTC Group work to handle, manage, and maintain personal information appropriately.
First edition: April 1, 2004 Revised: April 1, 2017 Satoshi Kikuchi President and Chief Executive Officer ITOCHU Techno-Solutions Corporation
When collecting personal information, we explicitly indicate the purpose and scope of information use in advance, and utilize the information only within the scope of purposes agreed to by the persons providing the information. In addition, we manage appropriately the use, provision, safekeeping, and entrustment of any personal information we obtain or that is provided by customers, and ensure that such information is used only for the purpose and in the range of use for which consent has been obtained. Following use, we appropriately dispose of or return this information.
The CTC Group observes all laws, government guidance and other regulations regarding personal information protection.
The CTC Group stores personal information under strict controls, and takes appropriate preventive and corrective measures against the leakage, loss or damage of personal information.
We have established a permanent consultation desk to deal appropriately with any individual complaints or consultations from individuals about the handling of their personal information.
The CTC Group has created the Information Security and Personal Information Protection Management System to ensure the protection and appropriate management of all personal information used in the Group's business. The program, which has been publicized and propagated to all officers and employees, is periodically reviewed to ensure ongoing improvement.