ATEAM

About Us

Businesses

News

Investor Relations

Sustainability

Contact Us

日本語 icon-arrow-right

About Us

About Us Top Page arrow-small

Corporate Philosophy arrow-small

Message from the President arrow-small

Executive Team arrow-small

Company Overview / Locations arrow-small

History arrow-small

Businesses

Businesses Top Page arrow-small

Entertainment arrow-small

Media Solutions arrow-small

D2C arrow-small

News

News Top Page arrow-small

Corporate News arrow-small

News for Investors arrow-small

Service News arrow-small

Investor Relations

Investor Relations Top Page arrow-small

Corporate Strategy arrow-small

IR Materials arrow-small

Financial Highlights arrow-small

Stock and Dividends arrow-small

News for Investors arrow-small

Sustainability

Sustainability Top Page arrow-small

Stakeholder Engagement arrow-small

SDGs arrow-small

Human Resources Development arrow-small

Personnel Development arrow-small

Diversity arrow-small

Health And Safety arrow-small

Training And Support arrow-small

Donations arrow-small

Contributions To The Industry arrow-small

Basic Policy for Information Security arrow-small

Other Initiatives arrow-small

採用情報

RECRUIT

採用情報トップ blank

採用ニュース blank

トップメッセージ blank

インタビュー blank

数字で見るエイチーム blank

オフィスツアー blank

新卒採用 blank

中途採用 blank

インターン blank

Security Policy Security Policy

Security Policy

  1. 1. Objective

    The objective of this Security Policy is to establish a basic policy on data security measures, which are intended to achieve information security through prevention of falsification, leaking, and unauthorized access of information assets.

  2. 2. Definition of Information Security

    Information security is the protection of information assets against a variety of assumed threats, the guarantee of their confidentiality, reliability, and authenticity, and the maintenance of their integrity, availability, accountability, and non-repudiation.
    The three major threats to information assets are as follows:

    1. (1) Natural threats:

      Earthquakes, fire, typhoons, flooding, etc.

    2. (2) Human threats:

      Unauthorized removal of information assets, theft of personal computers, computer operator mistakes, etc.

    3. (3) System threats:

      Hardware breakdowns, software bugs, etc.

    Information assets must be preserved in terms of the following seven facets.

    1. (1) Confidentiality:

      Restriction of the ability to access information assets to authorized users only (i.e., prevention of information leakage)

    2. (2) Integrity:

      Accuracy of the content of information assets (i.e., prevention of the intentional falsification or accidental alteration of information, etc.)

    3. (3) Availability:

      Ability to access information assets by authorized users when necessary (i.e., the ability to access information even when there is external system interference or when system breakdowns occur, etc.)

    4. (4) Reliability:

      Ensuring that systems behave consistently as designed, and that information, when used, provides outcomes that are intended and accurate (i.e., preventing unexpected issues and errors while securing consistent information processing)

    5. (5) Authenticity:

      Ability to reliably verify that information, users, or systems are legitimate (i.e., prevention of impersonation, unauthorized access, and information spoofing while ensuring information asset authenticity)

    6. (6) Accountability:

      Ability to uniquely identify those who perform actions with information assets and to keep and trace records of their activities (i.e., for supporting an investigation of the cause and scope of impact of an incident)

    7. (7) Non-Repudiation:

      Preventing a person who performed a certain operation or process from refuting the fact at a later point (i.e., securing evidence that proves that the person acted in a way that cannot be erased or tampered with)

    While the object of information security is of course digital information, information security also covers all types of information and mediums of its transmission, including computers and storage mediums, printed materials, other forms of non-verbal information possessed by individuals, recordings, etc.

  3. 3. Range of Application

    The range of application of the Information Security Policy is as follows. In addition, external contractors must comply with all our regulations and manuals, including this policy, as well as maintain confidentiality and protect personal information in accordance with the stipulations set forth in their contracts.

    1. (1) Directors and employees of Ateam Holdings Co., Ltd. and its subsidiaries (Including part-time and temporary staff)

    2. (2) Directors and employees of external contractors (Including part-time and temporary staff)

  4. 4. Business Continuity Management

    In the event of information security-related incidents, system failures, and natural disasters that could damage information assets and disrupt business functions, we will act quickly to recover and restore information assets.

Basic Information Security Policy

Appropriate risk management covering ever-changing risks and unexpected events is conducted with the aim of continuously maintaining and improving information security. Furthermore, regular audits of information security are conducted to ensure the effective functioning of information security measures. Taking into consideration the risks of unexpected information security accidents occurring, the implementation of resolution strategies and the investigation into evasive strategies are made clear in advance.

  1. 1. Information Security Management System

    In order to manage information assets effectively, an information security support system and information security responsibility system have been established.

  2. 2. Classification and Management of Information Assets

    In order to ensure appropriate information asset management, information assets are classified according to degree of importance, and methods for handling these assets according to degree of importance are stipulated.

  3. 3. Human Resources Security

    Employees are actively trained in accordance with company regulations and the company manual in order to develop companywide understanding of individual roles and responsibilities and the measures that must be carried out when fulfilling them. In addition, management of employees joining and leaving the company is conducted carefully and professionally in line with appropriate procedure.

  4. 4. Physical Security

    To prevent unauthorized access, interference with business operations, and the theft or damage of information assets by a third party, appropriate physical protection measures are carried out in every area at the respective company buildings and offices.

  5. 5. Security from Unauthorized Access

    Appropriate protective measures are actively exercised to prevent unauthorized access via external networks.

  6. 6. System Security

    Measures to ensure information security regarding the maintenance, development and use of networks and systems are constantly exercised.

  7. 7. Business Continuity Management

    In preparation for damage to information assets or the immediate halt of business operations caused by possible information security breech incidents, information systems damages, natural disasters, etc., contingency plans are in place and are constantly reconsidered and reworked for smooth resumption of operations.

  8. 8.Compliance with Regulations

    Compliance with all laws, regulations and manuals is continually ensured for the sound execution of business.

  9. 9. Revision

    The Security Policy is reviewed annually and revisions are made when warranted to ensure optimal safety and security.

Enacted: May 16, 2012
Amended: Aug 1, 2025