Basic policy on information security

  1. Purpose
    It has been over twenty years since System Friend Inc. (hereinafter “we”) established, E-commerce, xR, Medical/Welfare has been settled as three pillars of our company.

    In E-commerce development, we have contracted business relating to national projects, and we are getting required to security response to such significant projects. Also, xR development has chances to be provided technical secret information for our corporate clients by the nature of software development that realize near-future experience.

    Moreover, in Medical/Welfare development, it is getting involved in institutions required diligently information management such as hospitals and universities as well as normal to handle privacy-sensitive information.

    In these situations, we think that information security management is one of the significant issues in order to enhance our business, provide safety and convenience services to our customers, and carry out our duties properly and perfectly. Therefore, we will formulate, implement and continuously improve “Basic policy on information security” for the purpose of protecting our information assets from all kinds of threads.

  2. Definition of information security
    Information security is to ensure and maintain confidentiality, authenticity and availability.
    • Confidentiality: characteristic of being unavailable and private information against non- authorized individuals, entity (organizations) or processes. (To prevent information from leakage or unauthorized access)
    • Authenticity: characteristic to protect correctness or authenticity of assets. (To prevent from alteration or errors in information)
    • Availability: characteristic when authorized entity (organizations) requires, it is available for access or use. (To prevent from loss and corruption of information or outage)

  3. Implement actions
    • Information security management system will be implemented, established, operated, reviewed, maintained and improved in order to prevent all information assets of applicable scope from threads such as leakage, unauthorized access, alteration, loss or damage.
    • We shall observe related laws and regulations as well as contractual requirements to the handling information assets.
    • We will formulate prevention and recovery procedure and periodic review of the procedure so that business disruption cannot be occurred by a critical failure or disaster.
    • We shall prepare and provide information security education and training programs to all employees.

  4. Responsibility, obligations and penalty
    • The representative director shall be responsible for information security; therefore, the representative director provides all employees with required assets.
    • All employees are under obligation to keep our clients’ information.
    • All employees must obey the procedure formulated to maintain the policy.
    • All employees are responsible for reporting accidents and vulnerabilities against information security.
    • We shall refer to work regulation to determine a disposition against an employee in the event he/she undermines any clients’ information or information assets handled.

  5. Periodic review
    Reviewing of information security management systems will be periodically implemented with environmental change.
Enacted  November 12, 2018
Revised  July 1, 2022
System Friend Inc.
representative director, Toshio Asayama