1. Definition of Information Security

Specifies ensuring and maintaining the confidentiality, completeness and availability of information assets.

• Note:Confidentiality means allowing only approved users access, and not leaking information outside.
• Note:Completeness means that information and information systems are accurate, and the information handling procedures are clarified, and observed.
• Note:Availability means that approved users can access the necessary information and the necessary information systems.

2. Purpose

JIEM aims to respond to the trust given by stakeholders, such as its customers, business partners, stock holders and employees, and fulfill its corporate social responsibility, by handling information assets properly.

3. Scope

1. (1) All of JIEM’s organizations are targeted.
2. (2) Company board members, and employees, workers dispatched to JIEM by dispatch agreement, workers onsite based on work consignment agreements, and all part-time and temporary contract staff are targeted.
3. (3) All information related to work activities under JIEM’s control is targeted (personal information is controlled by a separate personal information protection management system, so this is excluded.)

4. Goal

1. (1) To prevent accidents from occurring and to hold incidents to a minimum.
2. (2) In the event that an information security incident occurs, hold damages to a minimum and ensure business continuity

5. Framework for Risk Measures

At JIEM, we implement risk assessment and risk management according to the following framework, and have set control goals and measures.

(1) Awareness and classification of information assets

JIEM classifies information assets by correctly identifying the importance levels of information assets in JIEM.

(2) Risk assessment

At JIEM, we establish a cornerstone for evaluating risks to implement risk assessment.

(3) Risk management

JIEM implements controlling, physical and technical risk measures.

6. Other Information Security Rules

(1) Observe duty to information security

JIEM observes duty to information security according to law, rules, internal rules and agreements.

(2) Implement training and enlightenment activities

JIEM implements education and enlightenment activities regarding information security.

(3) Control for sustaining business

JIEM handles interrupted business activities, protects important business processes, and ensures to restart business activities and important business processes upon major failure of the information system, or a disaster.

(4) Apply punishment when there are violations

JIEM applies punishment for violators of the information security policy.

7. Responsibility for information security management

If ever an information security incident occurs, the general and specific areas of responsibility for information security, including handling reporting externally, will be borne by the management of JIEM.

8. Document of the information security management system

At JIEM, we will create and maintain an information security management document properly to control information security. Also, we will implement this policy and use this document.

9. Approval and review of this policy

This policy will be approved by the company’s board of directors and periodically reviewed.

• About JIEM
• What we think about tests JIEM
• Businesses
  • Testing & Learning
  • Test Analysis and Consulting
  • Test Operations
• Research Activities and Our Advisory Team

• Corporate Profile
  • Recruitment
• Inquiries
• News
• Site Map
• Information Security Basic Policy
• Personal Information Policy