Basic Policy on Information Security
The Company and Pasona Group companies ("Pasona Group") shall provide services that earn the trust of and satisfy customers based on the corporate philosophy of solving society's problems. In order to achieve this philosophy and to properly maintain the information security of the Company's information assets, the Company formulates this "Basic Policy on Information Security" and shall work to strengthen its information security infrastructure through the implementation of information security management.
- Basic statement
In the implementation of the Information Security Management System, Pasona Group shall protect the information assets handled by Pasona Group from all threats, whether internal or external, intentional or accidental.
- Information security management system
- A CSIRT* will be established to establish, maintain, and manage the information security system.
- We will establish Information Security Management Regulations to take necessary measures to ensure information security.
* Computer Security Incident Response Team: A generic name for an organization that deals with computer security incidents
- Basic principles of information security
- We will take appropriate technical measures to prevent unauthorized intrusion, leakage, falsification, destruction, leakage, or interference with the use of our information assets.
- In the unlikely event that an information security problem should occur with our information assets, we will promptly investigate the cause of the problem and strive to minimize the damage.
- Pasona Group shall take all necessary precautions to ensure that the use of particularly important information assets is not interfered with.
- Each and every Pasona Group employee shall strive to avoid becoming a perpetrator in the current internet society. Pasona Group shall continuously implement the above activities and establish an information security management system that is capable of responding to new threats.
- Information security education
Pasona Group shall provide all Group employees with the necessary information security training to ensure that they are fully aware of the basic policies and regulations and to improve their literacy.
- Compliance with laws and regulations
Pasona Group shall comply with all applicable domestic and international laws, regulations, and guidelines.
- Continuous improvement
Pasona Group shall review this policy, related rules, and procedures and shall periodically evaluate the implementation status of information security measures in order to continuously improve information security.
May 1, 2017
Pasona Group Inc.
Group CEO
Yasuyuki Nambu
Third-party certification
To ensure appropriate and safe information management, the IT divisions of the Company have acquired third-party certifications such as ISO27001, which is an international standard for information security management systems (ISMS), and PrivacyMark, which is a certification system for personal information protection systems, and are working to build a high-quality information management system.
Information Security System
Information Security Management System
We will continue to strengthen information security as an important management issue, as we consider the promotion of DX and cybersecurity measures to be two wheels of our company philosophy.
As an organization to promote our security measures, we have formed a company-wide Information Security Subcommittee, which includes the Group DX Headquarters, which is responsible for DX promotion, and the Information Security Management Office, which is responsible for corporate governance, in order to thoroughly implement our information security policies and operations.
Security governance
The following efforts are made to protect the information assets that we handle from all threats through the implementation of information security management.
Pasona-CSIRT
This is a virtual organization to respond to Pasona Group information security incidents. Created to ensure a company-wide response in the event of a security incident, the Information Security Management Office takes the lead in activating the Pasona-CSIRT, which works with each department to bring the incident to an early conclusion.
Information Security Liaison Committee
The Company convenes its Information Security Liaison Committee for Pasona Group subsidiaries on a regular basis to share important information on security and to conduct various security training programs to ensure thorough security management.