Information security initiatives

The JAMCO Group regards the practice and improvement of information security management as an essential requirement for fulfilling our social responsibilities. Based on an information security management system (ISMS) that complies with the ISO/IEC27001:2013 (Information security management systems requirements) international standard, we undertake initiatives that cover operations, monitoring, reviews, maintenance and continuous improvements.

Basic information security policy

Based on the JAMCO Group view that ensuring information security is an essential requirement for fulfilling our social responsibilities, we have established, as described below, an information security management system based on ISO27001 to secure the management of information, and we work on initiatives related to operations, monitoring and continuous improvements.

 

  1. By appointing a person with overall responsibility and establishing a group-wide organization, we have put in place an information security management structure.
  2. We ensure that we fulfill operational and legal requirements, as well as discharging our contractual security obligations, and the basic handling of information assets and specific procedures are prescribed in internal rules, allowing us to implement rational management of information according to its level of importance.
  3. We are establishing standards and methods for evaluating risk. We are drawing up appropriate measures to avoid or mitigate risks that emerge as a result of these evaluations, and to alleviate any serious impact on to our business from major obstacles or natural disasters that are difficult to avoid or mitigate.
  4. Education and training is provided out on a regular basis to ensure that officers and employees act with an appropriate awareness of the importance and the requirements of information security, allowing us to achieve well-balanced and high quality security management.
  5. We have established a framework for monitoring and evaluation to continuously ensure the effectiveness of the information security structure, seeking to review and improve appropriate mechanisms with the aim of preventing and forestalling the recurrence of malfunctions and incidents.