1. Purpose
HAPPO-EN, Ltd. (hereinafter referred to as "our company") uses a large amount of information assets in carrying out our business and managing our employees (hereinafter referred to as "our business"), and therefore understands that it is our important social responsibility to ensure appropriate information security and strive to protect information assets.
In particular, we believe that leaking information assets about our customers, even if it is trivial, to the outside is something that should never happen, and we will continue to do so as necessary to promote our business activities based on the trust of society.
We recognize that this is an essential requirement.
Therefore, in recognition of the importance of information security, we have established this Information Security Policy (hereinafter referred to as "this policy") and will establish, implement, maintain, and improve an information security management system to specifically implement this policy.
2. Implementation Items
In accordance with this policy and our information security management system, we will implement the following items.
(1) Information security purposes
We will formulate information security objectives that are consistent with this policy and take into account applicable information security requirements as well as the results of risk assessments and risk responses, and will notify all employees of these objectives. We will also review these objectives periodically, even if there are no changes, and will update them as necessary in response to changes in our environment.
(2) Handling of information assets
a) Access will be granted only to those who have a business need for it.
b) We manage information security in accordance with legal and regulatory requirements, contractual requirements, and the provisions of our information security management system.
c) We will appropriately classify and manage information assets according to their importance in terms of their value, confidentiality, integrity, and availability.
d) Continuous monitoring will be conducted to ensure that information assets are being managed appropriately.
(3) Risk assessment
a) We will conduct risk assessments, implement appropriate risk responses and introduce management measures for the information assets that we determine to be the most important based on the characteristics of our business.
b) We will analyze the causes of information security-related accidents and implement measures to prevent recurrence.
(4) Business Continuity Management
We will minimize business interruptions caused by disasters and breakdowns, and ensure business continuity.
(5) Education
We provide information security education and training to all employees.
(6) Compliance with regulations and procedures
We will comply with the regulations and procedures of the information security management system.
(7) Compliance with legal, regulatory, and contractual requirementsWe will comply with legal, regulatory, and contractual requirements regarding information security.
(8) Continuous Improvement
We will strive to continually improve our information security management system.
3. Responsibilities, Obligations and Penalties
The CEO is responsible for the information security management system, including this policy, and employees within the scope of the policy are obligated to comply with the established rules and procedures. Employees who neglect their obligations and commit violations will be punished according to the work regulations. Employees of partner companies will be dealt with according to individually established contracts, etc.
4. Periodic review
The information security management system will be reviewed periodically and as necessary, and maintained and managed.
Enacted: May 1, 2024
Last revised: May 1, 2024
Director and General Manager: Keisuke Sekimoto
