If you have any questions or consultations about our services, please contact us.
Please feel free to contact us from the following.
Information security basic policy
1. Purpose
This Basic Policy on Information Security (hereinafter referred to as the Basic Policy) establishes the basic policy on information security of GMO Payment Gateway Co., Ltd. (hereinafter referred to as "the Company"). The purpose of this basic policy is to protect information assets, including personal information of the Company and its customers and business partners.
2. Scope
The scope of this basic policy is the equipment for preserving all information assets and information assets used by the Company in its business, as well as the Company's officers, employees, contract employees, part-time and temporary employees (hereinafter referred to as "all employees") who use such information assets.
3. Definition of terms
Information security
Protecting information from a wide range of threats with the goal of ensuring our business continuity, minimizing business damage, and maximizing the return on investment.
Information security policy
This basic policy and a general term for information security measures policies created in accordance with this basic policy.
4. Statement of Intent by Management
Our mission is to contribute to the realization of a safe and convenient payment for consumers and businesses, aiming to be the infrastructure for the payment process of Japan.
In conducting corporate activities in accordance with this mission, we utilize our unique information assets and receive information assets, including personal information, from many stakeholders.
In order to provide services with the keywords of adapting to the times, existence value, and sociality, and aiming for a further leap forward as a Credit card payment value-added creation company, we have formulated this basic policy and will work on information security measures based on the recognition that protecting these information assets from external threats is the most important management issue.
Based on this basic policy, which is based on this basic policy with the information security management system and PCI DSS in mind, we will build and operate information security, and take necessary protection and appropriate safety measures for the information assets of our company and our stakeholders.
All employees shall comply with this basic policy and aim to provide high value to stakeholders and expand corporate value through safe business activities that eliminate information security risks.
5. Basic Policy
-
Formulation of Information Security Policy
We will formulate an information security policy in accordance with the statement of intention of our management and announce it to all employees and related external parties. All employees comply with this information security policy and implement information security measures.
-
Establishment of an information security management system
-
We shall appoint an information security manager (hereinafter referred to as the "manager") who has overall responsibility for information security. The Administrator is responsible for guiding and managing the organization in terms of the establishment and operation of information security, including responding to security incidents.
-
The Company shall establish an Information Security Committee to accurately grasp the status of information security at the company-wide level and to be able to promptly implement necessary measures.
-
-
review
We will review this basic policy as appropriate and make continuous improvements in light of changes in the business environment, changes in the social environment and laws and regulations, the latest trends in information-related technologies, and newly discovered risks.
-
Implementation of Information System Security Measures
In order to protect our information system assets we will carry out risk analysis and implement security measures for information systems such as unauthorized access measures, virus measures, leakage measures, and reliability measures.
-
Protection of Personal Information
Conduct risk analysis on personal information and formulate and implement safety management measures for personal information protection.
-
Security Measures for Outsourcing
Regarding the outsourcing of our business, from the viewpoint of protecting confidential company information and personal information, we will examine the eligibility of the outsourcer, review and improve the contents of contract
-
Compliance with legal and contract requirements
contract obligations related to our information security, and security requirements, we will clarify these requirements and formulate and implement measures to comply with them.
-
Education, training, and dissemination and thorough dissemination of information security
Regularly educate and train all employees on information security, and make them aware of the importance of information security, proper handling and management.
-
Response to Security Incidents and Incidents
In the event of a security incident, the discoverer shall promptly report the details to the person in charge of management, and the person in charge of management shall immediately report to the relevant parties and take emergency measures as necessary. For security accidents, analyze the cause and take measures to prevent recurrence.
-
Business Continuity Management
We will ensure business continuity by minimizing business interruptions due to accidental disasters, breakdowns, negligence, and intentional assets
-
Measures against violations of the Information Security Policy
If our employees violate our information security policy, we will be subject to disciplinary action.
April 17, 29
Issei Ainoura