IT-Communications Inc. conducts entrusted call center business and related services giving first priority to clients' trust. Responding to the earned trust from our clients, we stipulates this "Information Security Policy" for the purpose of providing high quality services, and use it as guidelines for implementing appropriate assets protection measures.
The purpose of the organization is to prevent loss, theft, unauthorized access, and leak of assets which are entrusted by our clients. We secure and maintain confidentiality, integrity, and availability of assets provided by entrustees, personal information and assets acquired and held by IT-Com as information security.
Among our businesses, businesses in Information Systems Group, Business Group, Business Management Group, and Compliance Group will be covered by Information Security Management System (hereinafter referred to as "ISMS").
The management will set basic policy and purpose of ISMS, appoint an information security officer and a person in charger of information security from Information System Department. The management will provide these appointed people with necessary managerial resources for ISMS activities. The management will decide a framework for risk assessment, risk acceptance criteria, and acceptable level of risk, and will approve results of risk assessment, residual risk, adoption or rejection of results of management plans, structured ISMS, and security plans for promoting them, and will make decisions based on them. In addition, the management will conduct periodic internal audits and management reviews, and will evaluate effectivity of adopted management plans and improvements, and will review results of risk assessment, management system, and this basic policy, and will implement continuous improvement of ISMS.
The Information Security Officer will promote ISMS activities and establish, operate, monitor, review, maintain, and improve ISMS together with a person in charger of information security from Information System Department.
Our information security officer and a person in charge of information security in the Information System Department will identify personal information and confidential corporation information acquired in the course of business in addition to its manager. We will set appropriate method of risk assessment based on our business scale and contents over the identified assets, and take rational and appropriate management actions to protect them. The management will decide risk acceptance criteria and acceptable level of risk. Based on results of risk assessment, the management and the Information Security Officer will review these criteria and level including the method of reassessment depending on environmental changes such as organization, business, technology and society.
Along with implementing the management plans to protect personal information we handle, we will respect the concept of "The Rights to Control Self-Information" of each individual, and will identify, disclose, and notice of purpose of use of personal information, and will obtain, use, and provide personal information limited to regulations and the purpose of use in compliance with laws, guidelines and rules by ministries. We will also deal with complaints related to personal information, in addition to disclosure, correction, addition, deletion, discontinuance of use or provision of applicable personal information we hold, and notice of the purpose of use.
We will manage our customers' and company's confidential information based on the Unfair Competition Prevention Act. We will also clarify and comply with other laws and regulations related to our businesses.
All employees including board members and contract workers will act in conformity with "Information Security Policy" and our company's regulations and manuals with respect to ISMS. In the event of breach, disciplinary action shall be taken in accordance with our work regulations.
Under the Management's instruction, the Information Security Officer will implement training for employees' clear understanding of the importance of information security.
Enacted: September 1, 2010
Final Revised: November 30, 2015
Takashi Ishihara, President and CEO, Representative Director