ACCESS Co., Ltd. and its affiliates (collectively, the “ACCESS Group”) aim to become an innovative leader in providing software, solutions and services to customers to enable beneficial changes in society through the use of ACCESS technologies. For the purpose of achieving these goals, the ACCESS Group possesses valuable information assets of its own and of its customers. In order to achieve more effective operations and higher customer satisfaction, the ACCESS Group must safeguard such information from improper disclosure or misuse. This Policy is to further such goals.
The ACCESS Group handles software source code and technical information derived from research and development activities; business and technical information received from customers; personal information about employees and end-users for certain services; and other valuable and confidential information. Under various laws and contractual agreements, ACCESS must takes steps to prevent any improper release or dissemination of such information. The purpose of this Policy is to institute high-level policy and procedures to accomplish the protection of such information.
Therefore, the ACCESS Group hereby declares that information security is an important strategy in achieving its goals and enacts its fundamental information security policy, as described below, and will continue to work towards secure and proper possession, utilization and administration of information assets.
The ACCESS Group is committed to continually reviewing and updating its policies and procedures. This Policy, therefore, is subject to modification. This Policy supersedes all other ACCESS Group codes, policies, procedures, instructions, practices, rules or written or verbal representation to the extent that they are inconsistent.
The ACCESS Group will establish an Information Security Committee with the Chief Information Officer as its head. The Information Security Committee will study, plan and implement measures for information security. The Information Security Committee will be responsible for setting internal standards, rules and procedures.
The information that is subject to this Policy includes, without limitation, all information, data, materials, and software programs, whether in writing, electronic or other format that are owned by the ACCESS Group, or under the control of the ACCESS Group and belonging to any employee, agent, customers, or business partner of the ACCESS Group. All ACCESS Group employees, whether full or part-time, contractors, officers, directors or any other agent or representative who has access to or is making use of any confidential information on behalf of the ACCESS Group, is subject to this Policy.
The Information Security Committee will determine a mechanism for the classification of all information assets in the possession or under the control of the ACCESS Group. For each classification level, the Information Security Committee will set out guidelines for control measures for handling confidential and proprietary information. The classification will take into account levels of importance and risk. The Information Security Committee will apply, as necessary, regional changes to this Policy, or any procedures or measures arising from this Policy, to account for local laws, customs and practices.
The ACCESS Group will continually provide all of its employees with education and training relating to information security. The ACCESS Group will promote an internal corporate culture that values protection of proprietary and confidential information and the respect for the confidential and proprietary information of customers, employees and business partners.
In each geographic region in which the ACCESS Group operates, there are laws, regulations, orders, and other rules imposed by governmental or regulatory bodies with regard to the handling of information (collectively, “Laws”). The ACCESS Group is committed to complying with the Laws in countries in which it operates and the Information Security Committee will take steps to identify relevant Laws for each region and modify this Policy or any procedures or rules for that region to ensure compliance.
The Information Security Committee will establish a general response plan in the event of a breach of security. Should an information security incident occur, the ACCESS Group will promptly respond to the incident to prevent the increase of damage. Subsequently, the Information Security Committee will review and evaluate the incident and propose any necessary policy or procedural changes to avoid a repeat of the incident.
Non-compliance with or a breach of any of the provisions of this Policies or any of the procedures implemented to ensure compliance with the goals of this Policy may result in action by the ACCESS Group up to and including termination of any employee, whether full or part-time, contractors, officers, directors or any other agent, and as determined by officers or directors of the ACCESS Group, may include legal action for any damages arising from the gross negligence or willful misconduct of any employee, contractor, officer, director or any other agent.
ACCESS acquired certification in the international standard for information security management systems ISO/IEC 27001:2013 as well as JIS Q 27001:2014 on April 15, 2019.
A third-party agency has recognized the appropriateness of ACCESS’s management system for information security and handling of information assets.
Going forward, ACCESS will continue to operate and enhance our information security management system to offer products and services that customers can use with peace of mind.
|Name||ACCESS CO., LTD.|
|Certification||ISO/1EC 27001:2013/JIS Q 27001:2014|
|Registration No.||IS 701050|
|Scope of Certification||Development of solutions and provision of services in IoT and digital publishing businesses
Statement of Applicability, Version 1 published on March 2, 2018