Information Security Policy
Meiden Engineering Corporation (‘the Company') provides maintenance technology services and one-stop service for client electrical equipment, semiconductor manufacturing equipment, mechanical equipment, and related equipment. These services are designed to help client equipment save energy, improve efficiency, extend service life, support equipment reuse and prevent equipment failure. Providing these services creates the need for better information security for important client information.
In recent years, the information security is surrounded by the threat, such as ransomware and targeted attacks, have become increasingly serious, therefore risk management to understand and manage security risks is becoming important.
1. Objectives of Company's information security activities
- (1)To control information security risks and improve the Company's reliability by continuously improving the Information Security Management System (ISMS) we have created.
- (2)To ensure business continuity through information security measures by analyzing and evaluating threats to information assets.
- (3)To prevent information leakage accidents or incidents involving client information or any other personal or business information.
- (4)To improve information security consciousness for a new working style.
2. Creating Information Security Management System, protecting assets
The Company has created an Information Security Management System (ISMS) involving the appointment of an Information Security Administrator and creation of an Administrative Office. A number of activities designed to protect client information and all other information assets handled during the course of business activities are carried out using the ISMS—specifying risk assessment methods based on risk, analyzing and assessing the importance and risks of information assets in terms of their confidentiality, completeness and utility, and setting goals and taking the proper response measures. All the management objectives and management measures the Company has is put to use to ensure and maintain the security of information assets.
3. Compliance with laws, regulations and standards
Policies and in-house rules conforming and complying with information security-related laws, regulations and standards have been created and are followed while accommodating contractual security obligations. These policies and in-house rules are periodically reviewed and ongoing improvements are made in response to changes in areas such as management policies, business descriptions, global trends, technology, laws or regulations.
4. Providing education and training
Company officers, Company employees and all staff members engaged in the Company's operations are provided with education and training in a proactive and organized manner to improve their awareness of information security and ensure compliance with laws, regulations, standards and in-house rules.
5. Preventing and handling information security incidents
The Company endeavors to prevent information security incidents from occurring. The Company promptly takes the proper measures in the event of incidents, including recurrence prevention measures. To ensure business continuity, a Business Continuity Plan that anticipates disasters and other emergency situations has also been created and is inspected as needed.