Nittoseiko Analytech recognizes the importance of information risk management as part of our social obligations as a responsible corporate citizen. We are committed to secure information management processes along with comprehensive and effective strategies to minimize the risk of information being compromised in any way. We also recognize that we have a social obligation to ensure the security of our information assets as an ongoing priority for the company. The Basic Information Security Policy reflects our commitment to information security at the highest levels of the organization. The Information Security Policies and the Privacy Policy together form the cornerstone of the advanced information security management system in place at Nittoseiko Analytech.

1. Information security management system

Nittoseiko Analytech provides suitable protection for all information assets held by the company in accordance with the provisions of the relevant information security legislation and regulations as well as any specific contracts or agreements. We have designed a comprehensive information security management system that is recognized as both robust and reliable.

2. Information Security Officer

The Information Security Officer assumes responsibility for all aspects of information security at Nittoseiko Analytech. In addition, the Information Security Council, chaired by the President, oversees information security at all levels of company. The Information Security Officer and the Information Security Council together monitor information security procedures and processes throughout the organization and play an active role in developing strategies and countermeasures as required.

3. Internal information security regulations

Internal information security regulations at Nittoseiko Analytech constitute a clear statement of principles regarding the use of personal information and all other information assets held by the company. The regulations also describe ongoing training initiatives and monitoring and enhancement procedures. Extensive internal and external training programs ensure that all staff understand and appreciate the importance of information security.

4. Audit process

Information security procedures and associated rules and regulations are audited on a regular basis. In addition, awareness of Information Security Policies and management of information assets are closely monitored on an ongoing basis.

5. Security of information assets

Nittoseiko Analytech is committed to maintaining appropriate information security systems and procedures in accordance with the provisions of the relevant laws, regulations and standards as well as the company’s own Information Security Policies in order to protect information assets held by the company against security breaches such as unauthorized access, loss, tampering and destruction of data. The company also monitors physical and cyber threats and individual and organizational dangers on an ongoing basis and devises additional information security strategies as necessary.

6. Security of personal information

The Privacy Officer is responsible for ensuring compliance with the provisions of the relevant privacy laws and regulations as well as the company’s own Privacy Policy and Information Security Policies.

7. Information security literacy

Nittoseiko Analytech provides all employees—including directors and executives, regular employees, contract employees, reassigned personnel and temp staff—with ongoing training in information security tailored to their role within the organization. The training is designed to promote awareness of information security and secure usage of information, and ensure a high level of information literacy among all staff engaged in tasks involving the information assets of the company.

8. Monitoring of external contractors

External contractors engaged for outsourcing services are subject to a rigorous screening process and are expected to demonstrate security standards equivalent to if not better than those in place at Nittoseiko Analytech. Security standards at external contractors are monitored on an ongoing basis.

9. Scope of Information Security Policy

The term “information assets” as employed in the Information Security Policy encompasses all forms of information obtained or acquired in the course of the company’s corporate activities or otherwise used by the company for the purpose of conducting business. The requirements of the Information Security Policy apply to all employees engaged in tasks involving information assets—including directors and executives, regular employees, contract employees, reassigned personnel and temp staff—as well as subcontractors providing services that involve the use of information assets, along with their employees.