Information Security Basic Policy

Information Security Basic Policy

The Japan Institute for Educational Measurement, Inc.
President: Noriko Nishida
Established June 1, 2010
Revised October 01, 2015

The Japan Institute for Educational Measurement, Inc.(hereinafter referred to as “JIEM E, has set as its business philosophy to contribute to implement effective education and the development of individual ability through the research and development of accurate educational measurement (testing) technology and dissemination and distribution of resulting accurate testing methods in the field of education. Therefore, JIEM believes that it must handle all information relating to its testing, as informational assets with sufficient care, in terms of particularly confidentiality, completeness and availability. Based on this thinking, JIEM has established the Information Security Basic Policy, and hereby declares that it will make every effort to implement this and to continue to improve and update it.

1. Definition of Information Security

Specifies ensuring and maintaining the confidentiality, completeness and availability of information assets.

  • Note:Confidentiality means allowing only approved users access, and not leaking information outside.
  • Note:Completeness means that information and information systems are accurate, and the information handling procedures are clarified, and observed.
  • Note:Availability means that approved users can access the necessary information and the necessary information systems.

2. Purpose

JIEM aims to respond to the trust given by stakeholders, such as its customers, business partners, stock holders and employees, and fulfill its corporate social responsibility, by handling information assets properly.

3. Scope

  1. (1) All of JIEM’s organizations are targeted.
  2. (2) Company board members, and employees, workers dispatched to JIEM by dispatch agreement, workers onsite based on work consignment agreements, and all part-time and temporary contract staff are targeted.
  3. (3) All information related to work activities under JIEM’s control is targeted (personal information is controlled by a separate personal information protection management system, so this is excluded.)

4. Goal

  1. (1) To prevent accidents from occurring and to hold incidents to a minimum.
  2. (2) In the event that an information security incident occurs, hold damages to a minimum and ensure business continuity

5. Framework for Risk Measures

At JIEM, we implement risk assessment and risk management according to the following framework, and have set control goals and measures.

(1) Awareness and classification of information assets

JIEM classifies information assets by correctly identifying the importance levels of information assets in JIEM.

(2) Risk assessment

At JIEM, we establish a cornerstone for evaluating risks to implement risk assessment.

(3) Risk management

JIEM implements controlling, physical and technical risk measures.

6. Other Information Security Rules

(1) Observe duty to information security

JIEM observes duty to information security according to law, rules, internal rules and agreements.

(2) Implement training and enlightenment activities

JIEM implements education and enlightenment activities regarding information security.

(3) Control for sustaining business

JIEM handles interrupted business activities, protects important business processes, and ensures to restart business activities and important business processes upon major failure of the information system, or a disaster.

(4) Apply punishment when there are violations

JIEM applies punishment for violators of the information security policy.

7. Responsibility for information security management

If ever an information security incident occurs, the general and specific areas of responsibility for information security, including handling reporting externally, will be borne by the management of JIEM.

8. Document of the information security management system

At JIEM, we will create and maintain an information security management document properly to control information security. Also, we will implement this policy and use this document.

9. Approval and review of this policy

This policy will be approved by the company’s board of directors and periodically reviewed.

Inquiries for the basic policy for information security:

Information Security Reception, JIEM

9:30AM to 5:30PM (Excluding Saturday, Sunday, Holidays, and Year End/New Years)