In relation to appropriate handling of information and assets, the TechnoPro Group’s Code of Conducts stipulates strict corporate management of confidential information of customers in accordance with domestic and international laws and corporate rules. Therefore, we are urging employees to pursue the compliance with our internal rules regarding information security, appropriate use of information systems network and recording devices as well as taking appropriate measures against unauthorized external access and intrusion.
Organization of Information Security
Chief Information Security officer is served by a president & CEO, and IT infrastructure department oversees planning, operation, management, and employee support of server applications, storage, backup systems, data center, and IT networks in line with Information Security Policies and IT Governance. IT infrastructure department is also responsible for strengthening and improving IT infrastructure platforms and measures against information security.
Furthermore, IT infrastructure team leads a central role to organize TechnoPro-CSRIT which manages preventive measures against damages from security incidents and improvement of our emergency response capabilities for the whole entire Group.
As a system to promote Enterprise Risk Management (ERM) for the whole Group, we have built a framework and process to recognize risks which could have impacts on the achievement of our strategies or business targets for both upsides and downsides, and manage them appropriately as a whole group. The ERM committee recognizes the protection of personal information and information security as a risk, and takes measures and keeps monitoring.
Information Security Measures
In relation to our measures for information security, we follow information systems management rules, and take necessary measures for client devices such as PC, network, servers, and edge. The status of measures has been checked and audited by external experts annually. This security audit is a combination of an automatic diagnosis and a manual diagnosis conducted by examiners, and in this audit, security diagnosis to Web applications and Active Directories as well as penetration tests are conducted. If any vulnerability is detected by the audit, we will respond as soon as possible.
Information Security Training
Employee portal stipulates relevant rules about information security, and it is always accessible. We also provide sustainability training for all employees at joining the company and make efforts to penetrate it among them. The training extensively covers topics of compliance, ethics, human rights, prevention of corruption, environments, as well as protection of personal information, information security, proper handling of information devices, compliance of clients’ rules for dispatched staff, prohibition of use of personal information devices for business use, and guidance about SNS usages such as what they need to be aware of when using the SNS.
Encouragement of acquiring qualifications
In order to build a system to respond to cyber security risks, we encourage our employees to acquire the qualification for Registered Information Security Specialist, a government certification, by granting a benefit to the qualified employees. 47 have been qualified as of Dec, 2021.
The TechnoPro Group is aware of the importance of personal information protection and works to protect personal information in accordance with laws.
-Guidelines for the Proper Handling of Specific Personal Information
TechnoPro Group is firmly committed to information security and privacy and conducts comprehensive training to ensure that all employees possess a high level of understanding of information security and recognize its importance. Where employees are contracted to work onsite at a client’s place of business, they receive additional education and training to ensure that they comply with the client’s in-house information security rules. In addition, TechnoPro Group has strict operational regulations in place at each group company to ensure that the personal and confidential information of our clients is protected and information leaks are prevented.
The TechnoPro Group recognizes the proper management of information assets as an important management matter. The group has established this Information Security Policy for the purpose of ensuring improved information security standards for the group on an organized and ongoing basis.
2. Information Security Structure
The TechnoPro Group holds regular CSR Committee meetings which include discussions of the status of information security management within the TechnoPro Group. The CSR Committee implements information security policies, engaging in the appropriate and practicable management of information assets. In so doing, the group ensures the objective, systematic understanding of information security risks, establishing a structural system for informational security.
3. Compliance with Legal Statutes
All TechnoPro Group officers, employees (including part-time employees and temporary employees), and employees of affiliated companies obey the law related to information security, other standards, this Information Security Policy, and other internal rules related to information security.
4. Training and Education
All TechnoPro Group officers, employees (including part-time employees and temporary employees), and employees of affiliated companies receive regular and as-needed training and education on an ongoing basis to ensure the performance of duties reflecting literacy in information security.
5. Implementation and Ongoing Improvement
The TechnoPro Group engages in regular and as-needed audits (when required by major change) to ensure compliance with this policy in the performance of the group’s duties and to ensure this policy is functioning effectively. The group conducts regular reviews of this policy and other internal rules, endeavoring for ongoing improvement in information security.
Published: July 1, 2014
Revised: May 1, 2015