Information Security Policy
- 1. Purpose
- Colbo Co., Ltd. (hereinafter referred to as “the Company”) recognizes that in conducting its business and managing its employees (hereinafter referred to as “business”), it utilizes a wide range of information assets. Therefore, appropriately implementing information security and striving to protect these assets is not only essential for conducting corporate activities based on societal trust, but also a significant social responsibility. In light of the importance of information security, the Company hereby establishes this Information Security Policy (hereinafter referred to as “this Policy”), and commits to developing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
- 2. Key Security Practices
- The Company shall implement the following measures in accordance with this Policy and the Company’s ISMS:
- (1) Information Security Objectives
- Develop and maintain objectives that align with this Policy, incorporate applicable information security requirements, and reflect the results of risk assessments and responses. Communicate objectives to all employees and review them regularly or upon significant changes.
- (2) Management of Information Assets
- a) Grant access rights strictly based on business necessity.
- b) Manage all assets in accordance with legal, regulatory, and contractual obligations, and the Company’s ISMS requirements.
- c) Classify and protect assets based on their value, confidentiality, integrity, and availability.
- d) Monitor assets continuously to ensure effective management.
- (3) Risk Assessment
- a) Prioritize critical assets based on business needs, conduct regular risk assessments, and implement appropriate controls and mitigation measures.
- b) Investigate security incidents, analyze root causes, and take corrective actions to prevent recurrence.
- (4) Business Continuity Management
- Establish and maintain business continuity plans to minimize business interruptions caused by disasters, system failures, or other incidents. Ensure that critical operations can be resumed promptly and securely.
- (5) Education
- Deliver regular information security training and awareness to all employees.
- (6) Compliance with Regulations and Procedures
- Adhere to internal ISMS regulations and procedures.
- (7) Compliance with Legal, Regulatory, and Contractual Requirements
- Ensure compliance with all relevant legal, regulatory, and contractual obligations.
- (8) Continuous Improvement
- Regularly review and enhance the ISMS to improve security practices.
- 3. Roles, Responsibilities, and Disciplinary Actions
- The President holds ultimate responsibility for this Policy and the ISMS. All employees are required to comply with the Policy and related procedures. Violations or negligence may result in disciplinary action in accordance with employment rules. For partner company personnel, contractual terms shall govern enforcement and penalties.
- 4. Review and Maintenance
- The Company shall review this Policy and the ISMS periodically and update them as necessary to ensure continued relevance and effectiveness.
Established: November 1, 2024
Last Revised: November 1, 2024
Approved by: Masahiko Uchibori, President
This Information Security Policy was originally drafted in Japanese. The English translation is provided for reference only. In case of any discrepancy or inconsistency between the Japanese and English versions, the Japanese version shall prevail.
