Information Security Policy
TMJ, Inc. (hereinafter referred to as “Company”) shall continue to improve the services entrusted by the clients with a scientific and engineering approach, and contribute to achieving their business goals with outstanding expertise.
he Company recognizes that protecting information security and information systems (hereinafter referred to as information assets) required for achieving the business goals is the most crucial management issue related to the existence of the Company.
As a member of the SECOM Group, the Company shall establish the information security targets based on the management philosophy and steadily implement the information security control measures to provide the clients with a sense of security and reliability and aim to achieve the corporate value improvement by continuous and stable business operations.
In order to make all employees recognize the importance of information security at the Company and to protect the information assets, the Company shall establish the following basic policies.
- The Company shall implement appropriate control measures from the viewpoint of confidentiality, integrity and availability in order to protect the information related to the business activities. Confidential information on the clients, personal information on the end users, personal information on the employees and confidential information on the know-how of the Company will be positioned as particularly important information to ensure security.
- The Company shall comply with the laws and other norms on information security and privacy protection, and adopt the international norms in regard to the information security management based on the overseas business development spread over multiple countries. In addition, the Company shall establish information security regulations to ensure information security and reflect the operational, legal, and regulatory requirements, as well as the information security obligations and penalties at the time of violation under the contract to the regulations.
- Handling of information is only permitted when qualified persons are recognized and there is absolute necessity, and the Company shall strictly operate in accordance with this principle.
- The information security environment is constantly changing. The Company shall continue to improve the information security management to respond to this change. In addition, the Company recognizes that abandoning vulnerabilities will increase the risk of information protection, therefore the Company shall constantly respond to new vulnerabilities.
- According to the recognition that deep understanding and participation of all the members belonging to the organization is indispensable for the information security management, the Company shall not only conduct appropriate education and training for all the employees, but also continuously carry out effective enlightenment activities, such as confirming the degree of comprehension and measures for raising awareness of the employees.
Enacted on: October 29, 2003
Revised on: April 1, 2018
President Hideki Maruyama