Prestige International Inc. considers the "security of information assets" and "business continuity" to be the most important management issues in the development of our BPO business, and in order to live up to the trust of our customers and society, the Prestige International Group is committed to information security based on the following policy.
1. Purpose
Recognizing the importance of information security, the Group has established the following objectives.
- (1) Prevent information security incidents by implementing appropriate information security management.
- (2) In the event of an information security incident, to minimize the damage, to restore the system promptly, and to prevent its recurrence.
- (3) Ensure the availability of information assets and that necessary information is available when needed.
- (4) Properly manage personal information and prevent leaks.
- (5) Position climate change as an issue for the Group in terms of information security, and respond to the trust of stakeholders and society.
This document is established for the appropriate realization, management and operation of the above.
2. Management's Responsibility
The Group will strive to systematically and continuously improve and enhance information security under the leadership of management.
3. Interested parties
The following are the interested parties of the Group.
- Clients and their contractors
- Client company
- Shareholder
- Directors of the Group, all employees working for the Group, and employees of subcontractors
4. Scope of application
The scope of this document applies to all information assets managed by the Group, including all forms of paper, magnetic media, projected images, and sound, in addition to electronic information residing within information systems and external services.
This document applies to all directors and officers of the Group, all employees working for the Group, and employees of subcontractors.
In addition, we will enter into an agreement with third parties other than our group companies to ensure that they handle the information assets managed by our group companies in accordance with this document.
5. Information Security Organization Structure
The Information Security Committee shall be established as a body to examine and make decisions on issues related to the Group's information security.
As stipulated in separate regulations, a chief information security management officer shall be selected from the Group's management team to establish a system to handle information security on a company-wide basis.
6. Information Security Basic Policy
We will continuously maintain and improve the Group's information security under the following basic policy on information security.
6.1 Risk Management
We identify and analyze possible information security risks in conducting business and implement necessary risk countermeasures.
6.2 Need to Know Principles
When granting authority over the information assets managed by our group, we consider the necessity and grant only the necessary authority to those who need it for their work.
6.3 Information Assets Management
All information assets are managed in accordance with laws, regulations, contracts, and rules related to information security established by the Group.
6.4 Availability of documented information
Documents and records created are stored with availability and kept available at all times. Whenever necessary, they are required by the regulations related to information security set forth by the Group and implemented by the responsible department.
6.5 Information Asset Classification
All information assets are properly classified and managed according to their importance.
6.6 Monitoring
We continuously monitor that all information assets are properly managed and that activities, including information security risk countermeasures, are properly operated.
6.7 Response to Information Security Incidents
We will establish an environment in which any event related to information security is promptly reported, and any reported event will be analyzed for causes and measures to prevent recurrence, including similar events, will be implemented.
6.8 ICT Continuity Management
Minimize ICT interruptions due to disasters, breakdowns, etc., and ensure ICT continuity.
6.9 Training
All directors and officers of the Group, all employees working for the Group, and employees of subcontractors regularly attend information security training required for their duties.
6.10 Compliance with various regulations and rules
All directors, officers, employees, and subcontractors working for the Group shall comply with the rules and regulations concerning information security.
6.11 Change Management
Significant changes in the ISMS are resolved by management approval and planned and implemented by the responsible department.
6.12 Compliance with legal and contractual requirements
All directors, officers, employees, and subcontractors working for the Group shall comply with all laws, regulations, contracts, and other requirements related to information security.
7. Liaison with professional organizations
The Group shall establish and maintain an appropriate liaison and communication system with research groups or conferences, associations and organizations related to information security.
8. Climate Change Measures
As part of our information security, we will work on climate change countermeasures.
8.1 Improving Infrastructure Durability
We will take measures to improve the durability of our infrastructure, including information systems and data handling environments, against disasters and extreme weather conditions caused by climate change.
8.2 Data Backup and Replication
Regular data backup and data replication will be performed to mitigate the impact of disasters and other events caused by climate change.
This ensures business continuity by preparing for data loss and outages.
8.3 Promoting Green IT
Implement green IT principles to improve the energy efficiency of information systems and infrastructure.
9. Notification
This document is to be made known to all directors, officers, employees and subcontractors working for the Group.
10. Penalties
Any director, officer, or employee of our group who violates this document or any regulations related to information security may be subject to disciplinary action in accordance with the employment regulations, depending on the degree of such violation.
With respect to employees of subcontractors, they shall be subject to breach of contract as a violation of individually stipulated agreements.
Shinichi Tamagami
CEO
Prestige International Inc.
July 1, 2024