- HOME <li><a href="https://www.access-company.com/en/company/">Company Profile</a></li>
- Information Security Policy
ACCESS Co., Ltd. and its affiliates (collectively, the “ACCESS Group”) are committed to the vision of using ACCESS technology to bring beneficial change to society. To fulfil this vision, ACCESS recognizes that the appropriate management of its information assets and the protection of such assets from various threats, including cyber-attacks, are priority management issues. The ACCESS Group complies with all laws, regulations, and agreements related to information security and maintains the confidentiality, integrity, and availability of its information assets by establishing, operating, maintaining, and improving information security management in accordance with the following policies.
The ACCESS Group will establish and operate a company-wide information security management organization to maintain and strengthen information security and to protect information assets through the formation of the Information Security Committee.
The ACCESS Group will regularly conduct a risk analysis of its information assets to identify threats and vulnerabilities. Based on the results of risk analysis, the ACCESS Group will take necessary countermeasures from technical, organizational, human, and physical perspectives. The countermeasures will be specified in guidelines and procedure manuals, and will be strictly observed.
The ACCESS Group will strive to foster awareness of information security by providing regular educational and awareness-raising activities on information security to all employees, including directors, permanent employees, contract employees, temporary employees, and part-time employees.
The ACCESS Group will strive to monitor the status of information security measures and require adequate information security controls in its supply chain, including external contractors and linked services.
In the event of an information security incident, The ACCESS Group will take immediate actions such as identifying the cause of the incident, identifying the scope of the impact, minimizing the damage, and will report and communicate appropriately to relevant parties, comply with laws and regulations, and formulate and implement measures to prevent recurrence. In the event of an incident related to products or services provided to customers, the ACCESS Group will promptly and appropriately provide information and support to customers.
The ACCESS Group will obtain the latest information from external sources and build mutual cooperative relations to contribute to the enhancement of security for society as a whole. In the event of an incident or other event requiring cooperative information sharing, the ACCESS Group will report the incident in a timely and appropriate manner to the relevant authorities, including regulatory agencies.
The ACCESS Group will regularly conduct internal and external audits to verify the effectiveness and conformity of its information security management. Based on the audit results, the ACCESS Group will review and improve its information security management.
The ACCESS Group will continually review and improve its information security management and cybersecurity measures in order to meet social requirements and technological changes related to information security. In addition, the management will regularly review the status, and take necessary actions such as formulating policies and targets and allocating resources.
ACCESS acquired certification in the international standard for information security management systems ISO/IEC 27001:2013 as well as JIS Q 27001:2014 on April 15, 2019.
A third-party agency has recognized the appropriateness of ACCESS's management system for information security and handling of information assets.
Going forward, ACCESS will continue to operate and enhance our information security management system to offer products and services that customers can use with peace of mind.
| Name | ACCESS CO., LTD. |
|---|---|
| Location | Head office Daito Building., 3 Kandaneribei-cho, Chiyoda-ku, Tokyo 101-0022, Japan |
| Certification | ISO/1EC 27001:2013/JIS Q 27001:2014 |
| Registration No. | IS 701050 |
| Certification Date | 2019/4/15 |
| Scope of Certification | The solution development and service provision of IoT business and Web platform business Statement of Applicability, issued on 06/Feb/2020, Version 1 |
IS 701050 /ISO27001:2013