Information Security Initiatives
Basic Policy on Information Security
OBIC operates a total systems integration business that provides corporate customers with systems analysis and consulting services and a systems support business that covers hardware maintenance and systems operation. We recognize that the information assets of both the Company and the customers that we serve through these operations are a critical component of our business management platform.
We have formulated and are implementing a basic policy on information security to protect these information assets from various risks.
- 1Scope of application
This basic policy covers information assets handled by organizations and in operations established as being within the scope of application of the Company's information security management system. The term information assets refers to information held or managed by the Company, data and information systems, software, network equipment and facilities, documents, expertise, and intellectual property.
- 2Information security framework
We have established an information security framework centered around the management team. Under this framework, we strive to establish, introduce, operate, monitor, review, maintain, and improve information security measures.
- 3Protecting information assets
We conduct risk assessments of information assets that take into account confidentiality, integrity, and availability, and then work to protect these assets in an appropriate manner based on our information security policies.
- 4Compliance with laws and regulations
We comply with laws, regulations, and other norms relating to information security.
- 5Information security education and training
We carry out educational activities for officers and employees and keep them thoroughly informed in order to improve information security and ensure recognition of its importance.
- 6Handling of information security incidents
If an information security incident (such as an accident) occurs or is suspected to have occurred, we will act quickly to implement preventative or corrective measures.
- 7Review and improvement
We regularly review and improve our information security policies in accordance with factors such as changes to business operations and management policy, social change, technological change, and changes to laws and regulations.
Initiatives
ISO/IEC 27001 (ISMS)
We recognize that the information assets of both the Company and the customers that we serve are a critical component of our management foundation.We hold information security seminars for all employees several times a year and work to improve employees’ knowledge about security. In addition, to protect these information assets from various security risks, we acquired Information Security Management System (ISMS) certification in 2007, and have since then expanded the scope of acquisition.Furthermore, an audit is conducted each year by an independent third party for obtaining and maintaining ISMS certification.We have secured appropriate measures against risks involving information security under the director in charge of information security.
- Scope of registration
- System analysis, design, development, maintenance, operation, and services ordered by customers, design and development of integrated package software, and installation and support services, incorporated business units(Tokyo Headquarters, Tokyo Headquarters Kyobashi Edogrand, Osaka Headquarters, Yokohama Branch, Nagoya Branch, Kyoto Branch, Fukuoka Branch, and East Japan Data Center No. 2)
SOC 1 and SOC 2 Type 2 Report
We have obtained SOC 1 Type 2 Report on internal controls related to contracted business in compliance with the U.S. standard AT-C Section 320 (SSAE No. 18) as well as SOC 2 Type 2 Report on internal controls related to Trust service standards (among security standards) in compliance with the U.S. standards AT-C Section 105 and AT-C Section 205 (SSAE No. 18) and SOC 2 Trust Service Criteria (Security). OBIC is capable of providing highly transparent and highly trustworthy cloud services to its client companies, along with reducing the burden of audits of financial statements, audits of internal controls and other such processes, and has received objective evaluations of its response to information security risks.
Developing Security Personnel
We are also focused on implementing measures to counter the growing threat of cyberattacks. We have set up a dedicated security team in-house, formulated security rules, and monitor quality. We have also enlisted a number of external specialist security firms to periodically search for vulnerabilities. As a result, OBIC7 and our cloud services have been highly appraised by customers. To develop security personnel, we encourage employees to acquire Registered Information Security Specialist certification, a nationally recognized certification in the cybersecurity field, and at present, more than 10 of our employees have been registered as holding this certification and are keeping it up to date.