Basic Policy on Information Security

NSW Inc. (hereafter “NSW”) has established a Basic Policy on Information Security to satisfy the trust placed in NSW by society by ensuring the confidentiality, completeness, and availability of the information assets that NSW holds and maintains in the course of its businesses. NSW continuously works to construct, maintain, and improve a more advanced information security management system.

1. Construction of an information security management system

NSW has appointed a chief information security officer, has established internal regulations, and strives to construct and maintain an information security management system both for NSW itself and its outsourcing contractors.

2. Protection of information assets

NSW takes appropriate information security measures to prevent any unauthorized access, leakage, alteration, loss, destruction, or obstruction of use of information assets, and strives to otherwise protect information assets.

3. Information security training

NSW provides thorough training on information security to all of its officers and employees (including dispatched employees, temporary employees, contract employees, and part-time workers) to ensure that they are able to carry out business with high information security literacy

4. Acting upon information security incidents

In the event that an information security incident such as an unauthorized access, leakage, alteration, loss, destruction, or obstruction of use of information assets occurs, NSW responds by immediately detecting the causes, minimizing the effects, and taking steps to prevent future recurrences.

5. Observance of laws and regulations

NSW observes laws and rules related to information security.

6. Review and improvement of the information security management system

NSW routinely conducts audits to confirm NSW’s compliance with this policy and internal regulations, and continuously reviews and improves its information security management system.