SuRaLa Net Co., Ltd. (hereinafter “the Company”) recognizes that the appropriate management of information assets is an important management issue, declares the “Information Security Policy” as the Company’s policy on information security, and compiles with the “Information Security Policy” and the “Privacy Policy” described separately. The information assets covered by the Information Security Policy are all information acquired and received during the Company's business activities and all information possessed by the Company during its business operations. The Company's "directors, employees, temporary employees, etc." handling and managing these information assets and the "contractors and their employees" handling the Company's information assets shall comply with the Information Security Policy.
Development of information security management system
The Company shall comply with laws, regulations, guidelines, and other rules related to information security and develop an information security system covering the Company's information assets and security risks.
Assignment of “Chief Information Security Officer”
The Company shall appoint a Chief Information Security Officer (CISO) to protect and properly manage information assets and establish a system to monitor the company-wide information security status and promptly take necessary measures.
Development of internal rules on information security
The Company shall establish internal rules on information security and make everyone within the Company know clear policies and rules for protecting and appropriately managing information assets.
Improvement and enhancement of the audit system
The Company shall conduct information security audits on a regular and as-needed basis to verify that the information security in the execution of our business operations comply with laws and regulations on information security, rules related to information security established by administrative agencies, and internal rules and regulations, and function effectively so that information assets will be properly managed.
Appropriate information security measures
The Company shall implement security measures to prevent accidents such as unauthorized access, destruction, leakage, falsification, and loss of information assets and continuously improve such measures to respond to changes in technological and social needs.
Enhancement of information security literacy
The Company shall educate, enlighten, and train all employees to increase their information security literacy and ensure they perform their duties with knowledge of information security, and continuously educate and train them to respond to changes in social conditions.
Enhancement of management system for subcontractors
When outsourcing its business operations, the Company has established standards for outsourcing, thoroughly examines the eligibility of subcontractors, and requires them to maintain security levels equal to or higher than the Company's. We conduct periodic audits of subcontractors to ensure they maintain an adequate security level.
Continuation of improvement
We will continuously enhance our information security management by regularly assessing and reviewing the above measures.
ISMS certification acquired
The Company acquired an international standard, "ISO/IEC27001:2013", which is a third-party certification standard for ISMS (Information Security Management System), and a third-party certification of "JIS Q27001:2014," a domestic standard, in February 2021.
We recognize the proper handling of personal information, confidential information that we received from stakeholders, as well as the system for managing them (information asset management) is not only an important premise for implementing the corporate philosophy of SuRaLa Net Co., Ltd. but also one of the most important social responsibilities for all companies handling information today. SuRaLa Net Co., Ltd. will continuously ensure and strengthen its information security.
The Company has declared SECURITY ACTION (two stars)
The Company has declared two stars of ”SECURITY ACTION” conducted by the Information-technology Promotion Agency, Japan (IPA), an independent administrative agency under the jurisdiction of METI.
“SECURITY ACTION" is a system for small and medium-sized enterprises to self-declare their commitment to information security measures.
SuRaLa Net Co., Ltd. is working to raise the security awareness of all employees and will continue strengthening the security of the information it handles.