Information Security Policies
1. Information security management system
Nittoseiko Analytech provides suitable protection for all information assets held by the company in accordance with the provisions of the relevant information security legislation and regulations as well as any specific contracts or agreements. We have designed a comprehensive information security management system that is recognized as both robust and reliable.
2. Information Security Officer
The Information Security Officer assumes responsibility for all aspects of information security at Nittoseiko Analytech. In addition, the Information Security Council, chaired by the President, oversees information security at all levels of company. The Information Security Officer and the Information Security Council together monitor information security procedures and processes throughout the organization and play an active role in developing strategies and countermeasures as required.
3. Internal information security regulations
Internal information security regulations at Nittoseiko Analytech constitute a clear statement of principles regarding the use of personal information and all other information assets held by the company. The regulations also describe ongoing training initiatives and monitoring and enhancement procedures. Extensive internal and external training programs ensure that all staff understand and appreciate the importance of information security.
4. Audit process
Information security procedures and associated rules and regulations are audited on a regular basis. In addition, awareness of Information Security Policies and management of information assets are closely monitored on an ongoing basis.
5. Security of information assets
Nittoseiko Analytech is committed to maintaining appropriate information security systems and procedures in accordance with the provisions of the relevant laws, regulations and standards as well as the company’s own Information Security Policies in order to protect information assets held by the company against security breaches such as unauthorized access, loss, tampering and destruction of data. The company also monitors physical and cyber threats and individual and organizational dangers on an ongoing basis and devises additional information security strategies as necessary.
6. Security of personal information
7. Information security literacy
Nittoseiko Analytech provides all employees—including directors and executives, regular employees, contract employees, reassigned personnel and temp staff—with ongoing training in information security tailored to their role within the organization. The training is designed to promote awareness of information security and secure usage of information, and ensure a high level of information literacy among all staff engaged in tasks involving the information assets of the company.
8. Monitoring of external contractors
External contractors engaged for outsourcing services are subject to a rigorous screening process and are expected to demonstrate security standards equivalent to if not better than those in place at Nittoseiko Analytech. Security standards at external contractors are monitored on an ongoing basis.
9. Scope of Information Security Policy
The term “information assets” as employed in the Information Security Policy encompasses all forms of information obtained or acquired in the course of the company’s corporate activities or otherwise used by the company for the purpose of conducting business. The requirements of the Information Security Policy apply to all employees engaged in tasks involving information assets—including directors and executives, regular employees, contract employees, reassigned personnel and temp staff—as well as subcontractors providing services that involve the use of information assets, along with their employees.