Information Security Policy

  1. Purpose

    JARA Corporation (hereinafter referred to as "the Company") recognizes that protecting information assets is essential for promoting corporate activities based on social trust. Therefore, the Company establishes this Information Security Policy (hereinafter referred to as "this Policy") and implements, maintains, and improves an information security management system to ensure appropriate information security and protect information assets.

  2. Definition of Information Security

    • Confidentiality:
      • Protecting information assets from unauthorized access and ensuring they are not disclosed to unauthorized individuals, entities, or processes.
    • Integrity:
      • Protecting information assets from tampering or errors and maintaining their accuracy and completeness.
    • Availability:
      • Protecting information assets from loss, damage, or system downtime and ensuring they are available when needed.

  3. Scope of Application

    This Policy applies to all information assets managed by the Company, including electronic devices, electronic data, and paper media.

  4. Implementation Items

    • Information Security Objectives:
      • Establish and communicate information security objectives consistent with this Policy and applicable requirements, considering risk assessments and responses.
    • Handling of Information Assets:
      • Manage access rights, comply with legal and regulatory requirements, classify and manage information assets based on their importance, and continuously monitor their management.
    • Risk Assessment:
      • Conduct risk assessments, implement appropriate risk responses, and analyze the causes of information security incidents to prevent recurrence.
    • Business Continuity Management:
      • Minimize business interruptions due to disasters or failures and ensure business continuity.
    • Education:
      • Provide information security education and training to all employees.
    • Compliance with Regulations and Procedures:
      • Comply with the regulations and procedures of the information security management system.
    • Continuous Improvement:
      • Continuously improve the information security management system.

  5. Responsibilities and Obligations

    Top management is responsible for the information security management system, and employees within the scope of application are obligated to comply with the established regulations and procedures. Violations will be dealt with according to the employment regulations.

  6. Periodic Review

    The information security management system will be reviewed periodically and as necessary to maintain and manage it.