INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

For VALTES CO.,LTD, information data (including information content and information systems) are the most important asset of the company for conducting its business activities (software testing services, content testing services, test consulting services etc.) and for generating value. VALTES CO.,LTD also has a moral obligation to society to protect information, which therefore must be safeguarded by the most reliable means possible.
We are fully aware that the trust of our customers depends on the fact that we reliably protect information in our care from any security threat and handle that information in an appropriate and safe manner.

1. VALTES CO.,LTD shall create and maintain an Information Security Management System (ISMS) as a framework that clearly defines the management's stance with regard to security and specifies courses of action designed to ensure that information assets are always kept confidential, complete, and accessible for the respective purpose, and that their continued effectiveness shall be assured.

2. In order to properly implement the ISMS, VALTES CO.,LTD shall designate a management representative in charge of information security and form an information security committee. The organizational structure of each department of the company shall be modified as required for implementation of the ISMS.

3. In order to keep risks to the information assets handled by VALTES CO.,LTD to an acceptable level, proper risk management procedures and evaluation procedures shall be put in place, and proper measures to minimize risks shall be taken.

4. All contractual obligations to customers as well as legal obligations and regulations shall be strictly observed.

5. Security targets shall be defined, and suitable measures shall be taken to achieve the targets.
(1) When creating the business plan at the start of the financial year, annual security targets shall be identified.
(2) These targets must be attainable, and it must be possible to qualitatively and quantitatively ascertain that the targets are being met.
(3) The security target attainment status shall be reported to management.

6. In order to uphold and improve the ISMS, regular training sessions for the entire staff shall be conducted, and the results shall be measured.

7. The application scope of the ISMS shall be defined in the separate "ISMS Scope" document.

(Supplementary provision)
This policy shall take effect from March 1, 2008.

March 1, 2008
VALTES CO.,LTD
President Shinji Tanaka
Page Top