Information Security Policy

1. Purpose

CITRON Systems (hereinafter referred to as “our company”) recognizes that, in carrying out business system software development and consulting, as well as employee management (hereinafter referred to as “business”), we use a large amount of information assets. Therefore, appropriately achieving information security and striving to protect these information assets is an essential requirement for promoting corporate activities based on the trust of society, as well as a significant social responsibility. Hence, our company, recognizing the importance of information security, has established this Information Security Policy (hereinafter referred to as “this policy”), and will establish, implement, maintain, and improve an information security management system to specifically execute this policy.

2. Definition of Information Security

Information security is defined as maintaining confidentiality, integrity, and availability.

  1. Confidentiality
    Protecting information assets from unauthorized access and ensuring they are not disclosed to unauthorized individuals.
    (The characteristic of ensuring that information is not made available or disclosed to unauthorized individuals, entities, or processes.)
  2. Integrity
    Protecting information assets from tampering and mistakes, and ensuring they are accurate and complete.
    (The characteristic of maintaining accuracy and completeness.)
  3. Availability
    Protecting information assets from loss, damage, or system downtime, and ensuring they are available when needed.
    (The characteristic of being accessible and usable upon demand by an authorized entity.)

3. Scope of Application

This policy applies to all information assets managed by our company. The scope of information assets includes not only electronic devices and electronic data but also all forms including paper media.

  1. Organization
    CITRON Systems (all employees)
  2. Facilities
    Headquarters (Address: 3-12-5 Takadanobaba, Shinjuku-ku, Tokyo, Seven Building 3S)
  3. Business
    Business system software development and consulting
  4. Assets
    Documents, data, information systems, and networks related to the above businesses and various services

4. Implementation Items

In accordance with this policy and our company’s information security management system, we will implement the following items:

  1. Information Security Objectives
    Formulate information security objectives that are consistent with this policy, take into account applicable information security requirements, and consider the results of risk assessments and risk responses. These objectives will be communicated to all employees and will be reviewed periodically or as needed according to changes in our environment.
  2. Handling of Information Assets
    a. Access permissions will be granted only to those who need them for business purposes.
    b. Management will be carried out in accordance with legal and regulatory requirements, contractual requirements, and our company’s information security management system regulations.
    c. Information assets will be appropriately classified and managed based on their value, confidentiality, integrity, and availability.
    d. Continuous monitoring will be conducted to confirm that information assets are being managed appropriately.
  3. Risk Assessment
    a. Conduct risk assessments and implement appropriate risk responses and control measures for information assets deemed most important based on the nature of the business.
    b. Analyze the causes of incidents related to information security and take measures to prevent recurrence.
  4. Business Continuity Management
    Minimize business interruptions due to disasters or failures and ensure business continuity.
  5. Education
    Provide information security education and training to all employees.
  6. Compliance with Regulations and Procedures
    Comply with the regulations and procedures of the information security management system.
  7. Compliance with Legal and Regulatory Requirements
    Comply with legal and regulatory requirements related to information security and contractual requirements.
  8. Continuous Improvement
    Continuously improve the information security management system.

5. Responsibilities and Obligations, and Penalties

The responsibility for the information security management system, including this policy, lies with the President. Employees within the scope of application are obligated to comply with the established regulations and procedures. Employees who fail in their obligations and engage in violations will be disciplined according to the employment regulations. Measures regarding partner company employees will be handled according to individually specified contracts.

6. Regular Review

The information security management system will be regularly reviewed and maintained as necessary.

Established: January 1, 2021
Last Revised: September 29, 2023