NuFlare Technology regards information security as an important control item, has established a set of rules on information security, and proactively works to ensure information security.
- NuFlare Technology will control all information that is handled by directors and employees in the course of conducting business in an appropriate manner.
- NuFlare Technology shall respect proprietary information and maintain corporate information as confidential, and prohibit disclosure or improper use of corporate information.
- NuFlare Technology shall assure the proper protection of personal data throughout their business activities.
Information Security Management Framework
NuFlare Technology regards information security as an important control item and has in place an information security management framework in which the president of the company is appointed as the “Chief Information Security Officer” and the head of each department as an “Information Security Officer.” The Chief Information Security Officer is given full control over the maintenance and management of information security and chairs the Information Security Committee, while the head of each department is responsible for information security in his or her department as an “Information Security Officer.” The roles and responsibilities of the Information Security Committee include establishing information security policies, constructing an operating structure for the maintenance of information security, and monitoring the operating status.
Information Security Checks and Audits
With a view to ensuring information security, NuFlare Technology has the “Information Security Officer” of each department perform periodic self-audits of how information has been controlled and handled in the department, in accordance with relevant rules and report the results to the “Chief Information Security Officer,” who will examine and evaluate the reported results, give improvement instructions when deemed necessary, and monitor the progress with improvement.
Information Security Measures
NuFlare Technology classifies information security control measures into four categories: “organizational,” “personal and legal,” “physical,” and “technical” measures.
- The purpose of “organizational” control is to construct and maintain a framework to implement the PDCA (Plan-Do-Check-Action) cycle by making structural improvements and following the procedure of developing, implementing, auditing, and reviewing control measures.
- “Personal and legal” control involves obtaining written pledges from regular and temporary employees and concluding non-disclosure agreements with business partners in relation to company information of NuFlare Technology and preventing infringements of rights caused by mixing of information in relation to information of other companies.
- For “physical” and “technical” control, NuFlare Technology categorizes company information in accordance with the level of confidentiality. It implements different control measures for different categories, including selecting appropriate storage facilities and recording media and restricting access to information. How company information should be handled is determined in detail through “physical” measures, while security control standards are established for information equipment through “technical” measures.
|(1) Organizational measures:
Establish an organizational structure and rules
|・Periodic reviews of information security-related regulations
・Development and maintenance of structure
・Implementation of audits, etc.
|(2) Personal and legal measures:
Ensure adherence to rules
|・Regulation of information protection duties and disciplinary measures for breach of duties in rules of employment
・Provision of periodic employee education and training
・Contractor information security evaluation and conclusion of confidentiality agreements, etc.
|(3) Physical measures:
Support implementation of rules in terms of physical security
|・Carry-in/carry-out control of information devices
・Facility access control, room / facility entry control
・Locking of highly important information , etc.
|(4) Technical measures:
Support implementation of rules in terms of technology
|・Virus protection and hard disk encryption
・Obtaining and checking usage logs for information systems
・Appropriate management of network firewalls, etc.
Information Security Education
With a view to ensuring information security, NuFlare Technology provides various information-security-related education programs, such as education based on the needs of different organizational levels and job functions (including those of new employees). It also provides all of its directors and employees with information-security-related education at regular intervals.
Confidential Information Protection Policy
NuFlare Technology appropriately protects confidential information in accordance with its information security rules. The company stipulates that measures should be taken to prevent illegal acquisition of confidential information from outside the company and information of other companies must not be mixed with that of its own, in response to the Unfair Competition Prevention Act, while obtaining written pledges concerning confidentiality from all employees.
Confidential Information Protection Framework
NuFlare Technology has developed a confidential information protection framework and designated information security roles and responsibilities, and it operates the framework in accordance with its information security rules. In the information security rules, the company stipulates that the “head of the department that has created/obtained information from third parties under duty of confidentiality or duty of care” should act as the “head of information owner department,” who plays an important role in the appropriate management of confidential information by evaluating the importance of information in terms of confidentiality, integrity, and availability, determines methods of handling information, and the like.
Response to Incidents related to Confidential Information
In the event of an information security incident, such as company information leakage or infringement of confidentiality outside the company, NuFlare Technology responds promptly in accordance with its information security incident reporting structure, and it devises necessary measures, such as an investigation into the cause and consideration of actions to prevent recurrence. In the case of an occurrence or potential occurrence of a serious leakage of confidential information that may entail a violation of laws or ordinances, the company implements measures such as disclosure in accordance with the applicable laws or ordinances.
Incidents related to Confidential Information
As of the end of March 2022, there are no occurrences of leakage of important information owned by the company or other types of confidential-information-related incidents. NuFlare Technology will continue to make every effort to prevent any incidents related to information security from happening in the future.