Basic Information Security Policy

  1. Purpose
    Daiko Group (hereinafter referred to as "the Group") recognizes that ensuring information security is one of the most important management issues for the normal and smooth conduct of business activities, and believes that it is important to act with a high level of awareness of information security, while taking specific physical, environmental and technical measures under an appropriate information security management system, and with a respect for its importance. 
    We hereby establish a basic information security policy and take appropriate measures to protect the information assets held by the Group.
    Our management and all employees shall understand this purpose and comply with the information security management system of the Group.
  2. Definition of Information Assets
    Information assets include management information handled in the course of business activities and personal information (customer and employee information) that is determined as necessary to be protected in accordance with the Group's standards.
  3. Definition of Information Security
    Information security refers to the assurance and maintenance of confidentiality, integrity, and availability.
    (1) Confidentiality: Only authorized persons can access customer information.
    (2) Integrity: Customer information is accurate, and uniform methods are used to process such information.
    (3) Availability: Authorized persons can access the required customer information when needed.
  4. Scope of Application
    The scope of application for information security management includes the following organizations, locations, businesses, and networks.
    (1) Organizations: Specified in Information Security Promotion Chart
    (2) Locations: Specified in "1.2 Scope (Scope of site)" in "ISMS Manual (A02)"
    (3) Business: Specified in "1.2 Scope (Scope of business)" "ISMS Manual (A02)"
  5. Implementation Details
    (1) The basics of information security, confidentiality, integrity, and availability, shall be assured and maintained.
    (2) Items stipulated in regulations and laws related to information security, the Personal Information Protection Law, shall not be violated.
    (3) In order to maintain and manage information security, an Information Security Committee shall be established to make periodic revisions of the basic information security policy statement, basic policies, and information security measures.
    (4) Standards for risk assessment and a risk assessment structure shall be established.
    (5) Optimal information security measures shall be taken to reduce risks that have been identified through risk assessment.
    (6) Training regarding information security shall be provided periodically, and within an appropriate scope, for all employees.
  6. Penalties
    In the event that any member of said appropriate range of personnel behaves in a manner that threatens the protection of information assets entrusted to our company, including but not limited to customer information, appropriate measures shall be taken in accordance with company regulations.
  7. Periodic Revision
    Revision of the information security management system shall be performed periodically in conjunction with changes in the operational environment.

July 1, 2020
Hideaki Hamamoto, Representative Director
Daiko CO., Ltd.  (Daiko Group Holding Company)