1. Purpose
This Information Security Basic Policy ("Basic Policy") is designed to ensure the proper protection of important information held within NEXYZ.Group Corporation, within interested parties, or within external organizations. Herein, we clarify our basic policies in the establishment, maintenance, and ongoing improvement of our Information Security Management System , established in conformance with ISO27001 and put in place to help us accomplish the objectives of our organization.
2. Compliance
Compliance with legal and contractual issues is the first step in NEXYZ.Group Corporation information security. With this in mind, we strive to be perfect in compliance with the following matters:
1. Comply with contract terms related to information security
2. Comply with labor regulations and other organizational rules
3. Comply with regulations specified within our own information security management system
4. Comply with laws, regulations, and guidelines as provided in List of Laws, Regulations, and
Guidelines
3. Employee Responsibilities and Duties
All employees and relevant departments must follow the procedures provided to maintain and
support this Basic Policy. Further, all employees and relevant departments are responsible for
reporting information security-related incidents, or a suspected risk of incident,
promptly.
Any acts intended to compromise information assets protected by NEXYZ.Group
Corporation, customers, or relevant departments shall be subject to disciplinary and/or legal
action.
4. Risk Management
NEXYZ.Group Corporation conducts information security assessments to identify risks associated with the loss of confidential information, incomplete information, or loss of access to information. We determine the necessity and sufficiency of controls in response to information security risks, striving to be worthy of the confidence of interested parties and outside organizations in our ability to properly manage risks that impact our information security.
5. Ongoing Improvements
NEXYZ.Group Corporation conducts internal audits, management reviews, and other performance evaluations to determine whether we are in compliance with this Basic Policy. We continue to assess and improve our information security management system on a regular basis.