IWATSU ELECTRIC CO., LTD. (the “Company”) provides unique and high-quality products and services to address the diverse needs of our customers in the business communication systems, test and measurement equipment, and electronic reprographic devices business fields. In particular, the IT Solution Business is a key business at the core of the Company. The Company is not just a hardware vendor. Instead, as a vendor of solutions that include the provision of software and delivery system operational support, it is important for the promotion of our businesses and our contribution to social progress that we always prioritize our customers and maintain their trust in the Company, while building a trustworthy brand.
Accordingly, we have set forth this “Information Security Policy” in order to continue to fulfill the trust our customers place in us. The Company has also established and introduced an ISMS in accordance with this policy, which we operate, monitor, maintain, and improve, as part of efforts to promote our credibility to customers through concrete actions. By ensuring that this purpose is shared among all members of our organization and complying with the Company’s Information Security Policy and the rules and procedures related to the information security management system we have established, we will nurture a corporate culture that prioritizes information security.
Organizational purpose and maintenance of information security
1. The organizational purpose of information security is to prevent the loss, theft, unauthorized use, leakage, etc., of assets, and continue to fulfill our customers’ trust. As part of our information security, we shall ensure and maintain the confidentiality, integrity, and availability of assets entrusted to us by customers, personal information acquired by the Company, and assets held by the Company.
2. The applicable scope of the Company’s ISMS shall be all of the following operations.
- Sales operations related to Telecommunications Equipment, system integration, and operation and maintenance services performed by the Cloud Solution Sales Dept.
- Creation, operation, and maintenance services for internal information systems performed by the Information Systems Dept.
Responsibilities of senior management
3. The responsibilities of senior management shall be as set forth below.
a) Establish the Information Security Policy and a purpose for information security, and ensure that they are consistent with the strategic direction of the organization.
b) Ensure the integration of organizational processes with the requirements of the ISMS.
c) Ensure that the necessary resources for the ISMS are available for use.
d) Communicate the importance of effective information security management and conformity with the requirements of the ISMS.
e) Ensure that the ISMS achieves its intended results.
f) Direct and support people to ensure they contribute to the effectiveness of the ISMS.
g) Promote continuous improvement.
h) Support the roles of other related management employees to demonstrate their leadership in their areas of responsibility.
Duties of the person responsible for information security management
4. The person responsible for information security management shall promote the activities of the ISMS, establish the ISMS, introduce and operate the ISMS, monitor the ISMS, and maintain and improve the ISMS.
Asset identification, risk assessment implementation, and management measure selection
5. The person responsible for information security in a division shall identify assets used for business purposes and the persons responsible for managing them (risk owners). They shall then perform risk assessments for the assets identified, in accordance with the Company’s business scale and business content, and select reasonable and appropriate management measures to protect those assets.
Protection of personal information
6. The Company shall implement management measures to protect the personal information that it handles. At the same time, the Company shall also respect the idea that the person who is the subject of personal information has the right to control personal information about himself/herself, and shall identify the purpose of using personal information, publicly disclose and provide notification thereof, and acquire, use, and provide personal information only in accordance with laws and regulations and the purpose of use, in accordance with laws and regulations, as well as guidelines and standards set forth by government agencies. The Company shall respond to complaints related to personal information, and shall also take measures such as disclosing any personal data held that requires disclosure, etc.
Compliance with laws and regulations
7. The Company shall manage customer and corporate confidential information in accordance with the Unfair Competition Prevention Act. The Company shall also appropriately manage software, etc., to ensure that rights related to works are respected in accordance with the Copyright Act. The Company shall also clarify and comply with all other laws and regulations related to its operations.
Duties of employees
8. All employees of the organization shall act in compliance with the Information Security Policy and the regulations and procedures related to the ISMS. In the event of any violations, disciplinary action shall be applied in accordance with the rules of employment, etc., of the Company.
9. With the support of senior management, persons responsible for the operation of information security shall provide education and training related to the ISMS.
Enacted September 1, 2010
Revised October 30, 2013
Revised June 20, 2014
Revised September 15, 2015
Revised June 24, 2016
Revised August 31, 2016
Revised October 10, 2017
Revised April 22, 2019
Revised June 24, 2022
Revised October 31, 2022
IWATSU ELECTRIC CO., LTD.
President & Chief Executive Officer