Security Policy Security Policy

Security Policy

  1. 1. Objective

    The objective of this Security Policy is to establish a basic policy on data security measures, which are intended to achieve information security through prevention of falsification, leaking, and unauthorized access of information assets.

  2. 2. Definition of Information Security

    Information security is the maintenance of the confidentiality, integrity, and availability of information assets against a variety of assumed threats.
    The three major threats to information assets are as follows:

    1. (1) Natural threats:

      Earthquakes, fire, typhoons, flooding, etc.

    2. (2) Human threats:

      Unauthorized removal of information assets, theft of personal computers, computer operator mistakes, etc.

    3. (3) System threats:

      Hardware breakdowns, software bugs, etc.

    Information assets must be safeguarded from the following three perspectives:

    1. (1) Confidentiality:

      Restriction of the ability to access information assets to authorized users only (i.e., prevention of information leakage)

    2. (2) Integrity:

      Accuracy of the content of information assets (i.e., prevention of the intentional falsification of information and the mistaken alteration of information, etc.)

    3. (3) Availability:

      Ability to access information assets by authorized users when necessary (i.e., the ability to access information even when there is external system interference or when system breakdowns occur, etc.)

    While the object of information security is of course digital information, information security also covers all types of information and mediums of its transmission, including computers and memory, printed material and other paper-based formats, information contained in human memory, spoken information, etc.

  3. 3. Range of Application

    The range of application of the Information Security Policy is as follows. External contractors must comply with all Ateam regulations and manuals including the Basic Security Policy, as well as preserving confidentiality and protecting personal information in accordance to the work agreements stipulated when carrying out the work contracted to them.

    1. (1) Directors and employees of the Company

    2. (2) Directors and employees of external contractors

Basic Information Security Policy

Appropriate risk management covering ever-changing risks and unexpected events is conducted with the aim of continuously maintaining and improving information security. Furthermore, regular audits of information security are conducted to ensure the effective functioning of information security measures. Taking into consideration the risks of unexpected information security accidents occurring, the implementation of resolution strategies and the investigation into evasive strategies are made clear in advance.

  1. 1. Information Security Management System

    In order to manage information assets effectively, an information security support system and information security responsibility system have been established.

  2. 2. Classification and Management of Information Assets

    In order to ensure appropriate information asset management, information assets are classified according to degree of importance, and methods for handling these assets according to degree of importance are stipulated.

  3. 3. Human Resources Security

    Employees are actively trained in accordance with company regulations and the company manual in order to develop companywide understanding of individual roles and responsibilities and the measures that must be carried out when fulfilling them. In addition, management of employees joining and leaving the company is conducted carefully and professionally in line with appropriate procedure.

  4. 4. Physical Security

    To prevent unauthorized access, interference with business operations, and the theft or damage of information assets by a third party, appropriate physical protection measures are carried out in every area at the respective company buildings and offices.

  5. 5. Security from Unauthorized Access

    Appropriate protective measures are actively exercised to prevent unauthorized access via external networks.

  6. 6. System Security

    Measures to ensure information security regarding the maintenance, development and use of networks and systems are constantly exercised.

  7. 7. Business Continuity Management

    In preparation for damage to information assets or the immediate halt of business operations caused by possible information security breech incidents, information systems damages, natural disasters, etc., contingency plans are in place and are constantly reconsidered and reworked for smooth resumption of operations.

  8. 8.Compliance with Regulations

    Compliance with all laws, regulations and manuals is continually ensured for the sound execution of business.

  9. 9. Revision

    The Security Policy is reviewed annually and revisions are made when warranted to ensure optimal safety and security.

Enacted: May 16, 2012