
Information Security (ISO27001)

ISO27001 basic policy

At Proface Systems Co., Ltd., we have created an "Information Security Management System" (ISMS) based on the international information security management system standards ISO/IEC 27001:2013 and JIS Q 27001:2014. In addition, we have enhanced our information security management policy as below.

Purpose

With the recent development of technology, life is getting more convenient. On the other hand, there is a greater risk of information overflow and unauthorized access. In such a situation, we understand that protecting and handling information is the basis of our business activities, as a social responsibility.
Also, as PFS is trusted by our customers, we have defined information security management as our first priority, in order to enhance customers' trust as well as avoid any business loss.
Therefore, we set this policy with the aim of operating our information security management properly.

Definition of information security

Information security means maintaining confidentiality, integrity and availability.
  • Confidentiality: The characteristic that information is not made accessible or disclosed to individuals, entities (organizations) or processes that should not have it. (To avoid information leakage and unauthorized access.)
  • Integrity: The characteristic of protecting the accuracy and completeness of assets. (To protect information from tampering and mistakes.)
  • Availability: The characteristic that access and use are possible when an authorized entity (organization) requests them. (To protect information from loss, damage or system shutdown.)

Goal of information security

The Company's final goals are listed below.
  • To prevent information security incidents in advance, with the aim of zero incidents.
  • If an information security incident occurs, to minimize the damage, and to recover and prevent its recurrence within a specified time.

Construction of information security management system and the implementation system

To build the information security management system, we have appointed an information security management officer and established the Information Security Committee. We have established a promotion system in order to achieve smooth promotion and to clarify responsibility and authority.

Information security basic principles

  • Access restriction principle: Only authorized staff and operators should have access to information assets.
  • Information assets management: Information assets are managed in accordance with laws and regulations, the requirements set forth in contracts, and the information security provisions set by the Company.
  • Information assets classification: Information assets are properly classified and managed according to their importance, from the standpoint of asset value, confidentiality, integrity and availability.
  • Risk management: We adopt a risk assessment method and conduct a risk analysis of information assets to determine those most important given the characteristics of the business, so that we can implement appropriate measures. We assess the effectiveness of risk measures and work to improve risk management.
  • Monitoring: To ensure that the information security management system is properly managed, we perform continuous monitoring activities through a daily monitoring system, periodic internal audits and management reviews.
  • Responding to IT security incidents: We analyze the cause of incidents related to information security, take immediate measures, and take preventive measures and measures to prevent recurrence.
  • Business continuity management: In case of a serious event such as a disaster or a failure of information systems, we minimize the disruption of major business and ensure the continuation of the business.
  • Education and training: Information security education and training required for all employees are implemented in accordance with their duties, and their effectiveness is verified.
  • Regulations and procedures observance: We establish the provisions and procedures of the information security management system and work to ensure compliance with them.
  • Legal and contract compliance requirements: We will comply with laws and regulations related to information security and with regulatory and contractual security obligations. The laws and regulations that apply to the Company are clearly shown in a list, and we will work to make them well known to all employees.
  • Continuous improvement: We will work for continuous improvement of the information security management system.

Dissemination

The basic policy will be made known to all employees.
  • Implementation matters
    1. Because all information assets within the applicable scope are subject to threats (leakage, unauthorized access, alteration, loss, damage), an information security management system is established to protect them, and it is implemented, operated, monitored, reviewed, maintained and improved.
    2. Information assets are handled in compliance with the relevant laws and regulations and contractual requirements.
    3. So that business activities are not interrupted by a serious failure or disaster, we have formulated prevention and recovery procedures and review them periodically.
    4. Information security education: Training for all employees will be carried out regularly.
  • Responsibility, Obligation and Punishment
    1. The Representative Director has responsibility for information security. To that end, the Representative Director shall provide the resources required by staff within the scope.
    2. All related staff have responsibility to protect customer information.
    3. All related staff have responsibility to follow the procedures for maintaining the policies.
    4. All related staff have responsibility to report any accidents or weaknesses with respect to information security.
    5. Any related staff who engage in misconduct with respect to information (not limited to customer information) will be punished under company rules.
  • Periodic review: This basic policy is revised every year. However, if a significant change has occurred in the business environment, it will be revised appropriately.

ISO27001 certification scope

Proface Systems Co.,Ltd.
  • System development
  • Bridge SE training, dispatch business
  • Daytime advance consulting business
  • Our products service delivery business

ISO27001 certification number

Certification number: 491577 ISMS13

ISO27001 Registration Date

Registration Date: January 23, 2013

Examining Authority

UL DQS Japan CO., LTD

The end

Enactment Date: September 18, 2012

Update Date: January 23, 2019

Proface Systems Co.,Ltd
Representative Director Kazuki Den

Consultation and inquiry

Proface Systems Co.,Ltd. Management Headquarters
〒103-0015 Nihonbashi, Chuo-ku, Tokyo Hakozaki-cho 18-11 COSMO8-4F
TEL: +81 03 5643 7768
FAX: +81 03 5643 7769
EMAIL: info@proface-sys.com

ISO27001 Authentication certificate

ISO27001 Certification