Information security efforts

Information Security

As the company in charge of ICT for JR East and its group companies, we handle many information assets. For this reason, the potential for information security incidents/accidents poses a large risk to a wide range of clients. In order to protect those assets from information security incidents/accidents, we have established this Basic Policy, require all executive officers, regular employees, contract workers and other temp staff to remain mindful of the importance of information security, and follow the practices listed below. In doing so, we strive to live up to the trust placed in us by our clients.

１．Compliance: We shall comply with all laws and norms governing information security.

２．Development of system for promoting information security: We shall develop a system for clearly defining information security responsibilities and implementing security measures.

３．Development of related rules: We shall develop rules based on this Basic Policy and comply with them.

４．Protection of Information assets: We shall implement organizational, personnel, and technical measures for protecting information assets from leaks, theft, loss, destruction, and other risks.

５．Data security measures for information security: We shall strive to protect information systems from fraudulent activity by implementing information security measures tailored to the characteristics of each system.

６．Response to information security incidents/accidents: In the event that a information security incident or accident occurs, we shall promptly take emergency action, identify the cause, and implement permanent countermeasures, and otherwise strive to prevent recurrence.

７．Management of third-party contractors: In the event that we outsource operations to a third-party service provider, we shall vet the provider’s qualifications, enter into any agreements necessary for confidentiality, etc., and require them to maintain security at a level at least equivalent to our own standards.

８．Training: We shall provide continued training to further strengthen personnel’s information security knowledge and awareness, so as to promote proper handling of information assets.

９．Continued efforts for maintenance and improvement: We shall monitor the implementation of information security measures carried out under this Basic Policy, and shall continue endeavoring to maintain and improve those measures.

Enacted on December 1, 2003

Revised on February 1, 2015

Certified Information Security Management
System (ISMS)

JEIS introduced an Information Security Management System (ISMS), acquiring company-wide ISMS certification in June 2005.
In July 2009, we established an information security policy that specifically sets down rules employees should adhere to in their day-to-day work, and actions are taken according to the policy.
We also are making efforts to improve the quality, reliability, and information security of the system and to achieve customer satisfaction and secure their trust. In addition, we are working to further develop high-quality systems and provide operations services.