Effort on Information Security management system｜Computer Management Company Limited(CMK)

1. Effort for Information Security Management System

We recognize that securing information security is an important issue in our business activities. Based on this idea, in order to ensure that customers can use our information services, we will use iso/IEC 27001:2013 (JIS Q 27001:2014) to establish the certification standard for information security management systems. We have established an information security system in accordance with laws and regulations concerning the protection of personal information, management system requirements for the protection of personal information (JIS Q 15001:2006), internal regulations.

2. Basic Policy on Information Security

We will carry out our business activities that are secure and trusted by our customers and related parties. We do recognize that to protect our information assets from any threat is our main responsibility. Here, we declare that we will improve a basic policy on information security.

1. Scope of information assets: We cover all information we receive from our customers, including information we have acquired in our business activities.

2. Information Security Management System: We will establish an Information Security Committee to actively promote activities related to information security.

3. Compliance with laws and regulations: We ensure that we are compliance with information security laws, regulations, and contractual requirements.
For an information security incident, we will identify the cause, respond to the problem, and prevent the expansion of the scope of influence.

4. Education on Information Security: We educate all the importance of assets information and information security to our employees, and strive to prevent information security accidents such as leakage and falsification.

5. Maintaining Information Security Management: We regularly analyze the risks of information and continuously improve information security by taking preventive and corrective action.

Established: November 7, 2008
Last revised: October 1, 2011
Computer Management Co., Ltd.
Katsuaki Takenaka, President

3. Development of information security management system

(1) Acquired ISO27001 certification

On May 22, Heisei 2009, we obtained ISO27001 certification from the Japan Quality Assurance Organization (JQA).
（ISO／IEC 27001:2013 (JIS Q 27001:2014)

(2) Acquired privacy mark certification

On April 7, Heisei 2005, we obtained the "Privacy Mark" from Japan Information Processing Development Association (JIPDEC) . The "Privacy Mark“ is given to companies that handle personal information appropriately.