Effort on Information Security management system

Effort on Information Security management system

CMK is committed to improve information Security

1. Effort for Information Security Management System

We recognize that securing information security is an important issue in our business activities. Based on this idea, in order to ensure that customers can use our information services, we will use iso/IEC 27001:2013 (JIS Q 27001:2014) to establish the certification standard for information security management systems. We have established an information security system in accordance with laws and regulations concerning the protection of personal information, management system requirements for the protection of personal information (JIS Q 15001:2006), internal regulations.

2. Basic Policy on Information Security

We will carry out our business activities that are secure and trusted by our customers and related parties. We do recognize that to protect our information assets from any threat is our main responsibility. Here, we declare that we will improve a basic policy on information security.

1. Scope of information assets
We cover all information we receive from our customers, including information we have acquired in our business activities.
2. Information Security Management System
We will establish an Information Security Committee to actively promote activities related to information security.
3. Compliance with laws and regulations
We ensure that we are compliance with information security laws, regulations, and contractual requirements.
For an information security incident, we will identify the cause, respond to the problem, and prevent the expansion of the scope of influence.
4. Education on Information Security
We educate all the importance of assets information and information security to our employees, and strive to prevent information security accidents such as leakage and falsification.
5. Maintaining Information Security Management
We regularly analyze the risks of information and continuously improve information security by taking preventive and corrective action.

Established: November 7, 2008
Last revised: October 1, 2011
Computer Management Co., Ltd.
Katsuaki Takenaka, President

3. Development of information security management system

(1) Acquired ISO27001 certification

On May 22, Heisei 2009, we obtained ISO27001 certification from the Japan Quality Assurance Organization (JQA).
(ISO/IEC 27001:2013 (JIS Q 27001:2014)

(2) Acquired privacy mark certification

On April 7, Heisei 2005, we obtained the "Privacy Mark" from Japan Information Processing Development Association (JIPDEC) . The "Privacy Mark“ is given to companies that handle personal information appropriately.