NuFlare Technology regards information security as an important control item, has established a set of rules on information security, and proactively works to ensure information security.
NuFlare Technology regards information security as an important control item and has in place an information security management framework in which the president of the company is appointed as the “Chief Information Security Officer” and the head of each department as an “Information Security Officer.” The Chief Information Security Officer is given full control over the maintenance and management of information security and chairs the Information Security Committee, while the head of each department is responsible for information security in his or her department as an “Information Security Officer.” The roles and responsibilities of the Information Security Committee include establishing information security policies, constructing an operating structure for the maintenance of information security, and monitoring the operating status.
With a view to ensuring information security, NuFlare Technology has the “Information Security Officer” of each department perform periodic self-audits of how information has been controlled and handled in the department, in accordance with relevant rules and report the results to the “Chief Information Security Officer,” who will examine and evaluate the reported results, give improvement instructions when deemed necessary, and monitor the progress with improvement.
NuFlare Technology classifies information security control measures into four categories: “organizational,” “personal and legal,” “physical,” and “technical” measures.
|(1) Organizational measures:
Establish an organizational structure and rules
|・Periodic reviews of information security-related regulations
・Development and maintenance of structure
・Implementation of audits, etc.
|(2) Personal and legal measures:
Ensure adherence to rules
|・Regulation of information protection duties and disciplinary measures for breach of duties in rules of employment
・Provision of periodic employee education and training
・Contractor information security evaluation and conclusion of confidentiality agreements, etc.
|(3) Physical measures:
Support implementation of rules in terms of physical security
|・Carry-in/carry-out control of information devices
・Facility access control, room / facility entry control
・Locking of highly important information , etc.
|(4) Technical measures:
Support implementation of rules in terms of technology
|・Virus protection and hard disk encryption
・Obtaining and checking usage logs for information systems
・Appropriate management of network firewalls, etc.
With a view to ensuring information security, NuFlare Technology provides various information-security-related education programs, such as education based on the needs of different organizational levels and job functions (including those of new employees). It also provides all of its directors and employees with information-security-related education at regular intervals.
NuFlare Technology appropriately protects confidential information in accordance with its information security rules. The company stipulates that measures should be taken to prevent illegal acquisition of confidential information from outside the company and information of other companies must not be mixed with that of its own, in response to the Unfair Competition Prevention Act, while obtaining written pledges concerning confidentiality from all employees.
NuFlare Technology has developed a confidential information protection framework and designated information security roles and responsibilities, and it operates the framework in accordance with its information security rules. In the information security rules, the company stipulates that the “head of the department that has created/obtained information from third parties under duty of confidentiality or duty of care” should act as the “head of information owner department,” who plays an important role in the appropriate management of confidential information by evaluating the importance of information in terms of confidentiality, integrity, and availability, determines methods of handling information, and the like.
In the event of an information security incident, such as company information leakage or infringement of confidentiality outside the company, NuFlare Technology responds promptly in accordance with its information security incident reporting structure, and it devises necessary measures, such as an investigation into the cause and consideration of actions to prevent recurrence. In the case of an occurrence or potential occurrence of a serious leakage of confidential information that may entail a violation of laws or ordinances, the company implements measures such as disclosure in accordance with the applicable laws or ordinances.
As of the end of March 2016, there are no occurrences of leakage of important information owned by the company or other types of confidential-information-related incidents. NuFlare Technology will continue to make every effort to prevent any incidents related to information security from happening in the future.