Information Security Basic Policy
PERSOL HOLDINGS CO., LTD and its group companies (hereinafter “Persol Group”) subscribe to cooperate principles of our group vision: Work and Smile. We aim to realize our group vision by providing a range of diversified work opportunities to people to maximize their potential and by offering a variety of services for people with diverse values.
The Persol Group recognizes its corporate social responsibility to protect customers and their information from all kinds of threats, to ensure the necessary security for that, and to provide continuous and stable service, we have established this basic policy and will comply with it in order to realize this goal.
1. Development of information security framework
Persol Group shall appoint an information management officer in each of its organizations to ensure the protection and appropriate management of all of its information assets and, establish a framework to enable the prompt implementation of information security measures.
2. Information security training
Persol Group shall implement requisite information security training for all employees in accordance with employee positions and roles and, promote increased awareness of information security and make all aware of the various rules and, this policy.
3. Protection of information assets
Persol Group shall implement risk assessment and controls to ensure that all of its important information assets are protected from various threats and, shall periodically review risks and where necessary, improve said controls.
4. Addressing information security incidents
Persol Group shall promptly take appropriate action when information security incidents occur and also, shall take appropriate measures to prevent any reoccurrence.
5. Compliance with relevant laws and regulations
Persol Group shall comply with all laws, requirements, regulations, rules and contractual obligations in relation to information security. Conduct that breaches the above shall be dealt with appropriately.
6. Revision and improvement
Persol Group shall implement periodical internal audits and, shall review the results in order to ensure that management of information assets is appropriate. Further, Persol Group shall consider changes of internal and external factors that may affect information security and, shall make continual improvements to information security management systems.
October 1st, 2019
Representative Director, President and CEO
PERSOL HOLDINGS CO., LTD.
The PERSOL Group established a CSIRT, ”PERSOL-SIRT” (PERSOL Group Security Incident Response Team), which is the contact point for cyber security incidents for the entire group, led by the Information Security Department of Group IT Division. In April 2016, we joined Nippon CSIRT Association.
In addition to internal activities related to security such as incident handling, establishment of guidelines, and education , we also work to share and utilize security information by strengthening cooperation with external parties.
Information Security Department, Group IT Division,
PERSOL Holdings Co., Ltd.
*CSIRT (Computer Security Incident Response Team) is the general term for an organization responsible for handling security incidents (accidents and urgent matters) in cyberspace (primarily on the internet)and collect information on vulnerabilities and establish response policies and guidelines in order to prevent, detect, and promptly resolve security incidents, and to minimize any damage in the case of occurrence.
In order to manage our information and information systems appropriately and safely, some of our subsidiaries have acquired third-party certification such as ISO/IEC27001, an international standard for information security management systems (ISMS), and Privacy Mark, a certification standard for personal information protection systems, in light of business characteristics.
Information Security Initiatives
The PERSOL Group has identified IT-related risks that could lead to the leakage of personal information as one of the Group's significant risks and is working to further strengthen risk countermeasures.