Security Policy
SYS Holdings Co., Ltd. develops system integration and outsourcing services under the philosophy of "returning skillful human resources and technologies to society through information systems." We handle a variety of "information" in our business and recognize that the security management of "information" is an important social responsibility. Our company is engaged in all services related to information technology, not just system development. Our aim is to provide "Comprehensive Information Services" that are the core of customer operations. During the process, we cannot escape from handling information including personal information. Therefore, we will fulfill our social responsibilities by firmly recognizing corporate ethics in the information society and doing our best to maintain confidentiality and to protect specific information.
For these reasons, we have established the “Information Security Policy”. And we always keep in mind the following matters (1-8), and make sure that officers, employees and all parties involved in the Company's business are thoroughly informed, and strive to properly protect information assets in accordance with this policy.
- We maintain “confidentiality”” Integrity” and “availability” of data which are the basics of maintenance of information security.
- In order to maintain and manage information security, we establish, implement and maintain an information security management system. We regularly check and review compliance, and strive for continuous improvement in response to changes in the social and internal environment.
- We comply with laws and regulations, national guidelines and other standards as well as contractual security obligations and we fulfill our social responsibility.
- We establish criteria for assessing risk and structure of risk assessment.
- We take optimal security measures to reduce the risks identified by risk management
- We will formulate preventive and recovery procedures and review them regularly so that business activities are not interrupted by major obstacles and disasters.
- We conduct information security education and training on a regular basis for all employees.
- Violations of information security and suspicion of vulnerabilities will be reported and investigated.
Enactment: August 1, 2013