Home > Compliance > Information Security

Information Security

Information Security Committee

Pole To Win has organized an Information Security Committee and assigned an Information Security Director. The director is clarified to oversee company-wide information security and a structure has been built to allow for promptly implementing necessary countermeasures.

The Information Security Committee carries out the role of actively promoting information security measures throughout the entire company from every angle, including from organizational, human resources related, physical, and technical perspectives.

Role of the Information Security Committee

  • Providing consent for information security management plans
  • Assessing the company's information security measures
  • Establishing and revising policies related to information security measures
  • Spreading awareness of and educating about information security countermeasures
  • Making decisions on penalties for violators of information security measures
  • Implementing resolutions made by the company

Information Security Policy

Pole To Win has established the Pole To Win Information Security Policy in order to implement proper information security measures with a common awareness shared by each division.

A clear policy has been laid down regarding the handling of all information assets, such as personal information and confidential information received, and all employees are educated on the implementation of measures to prevent all possible instances of information leaks, and of the strict consequences that will be enforced in the event of an information leak or other violation.

Pole To Win also makes regular revisions to this Policy so as to adapt to environmental changes, technical innovation, and other circumstances.

The Pole To Win Information Security Policy indicates a policy for information security measures from organizational, human resource related, physical, technical, and all other perspectives, for information security structures that are to be constructed for the overall company and at each individual office, confidential information, the handling of personal information, system development and operation, risk management, employee training, etc.

Educating employees about information security

Pole To Win works to improve employees' knowledge and etiquette by implementing ongoing training for employees regarding the protection of personal information and information security.

A group learning program has been created where regular participation in educational classes is required, materials on information security are distributed, and regular announcements are presented. Furthermore, efforts are made to boost the skills of the Information Security Director by providing the director with new information through participation in external seminars and also exchanging information with other individuals with official certification.

Training is provided to all company employees, including permanent and contracted staff. In this way, Pole To Win works to ensure a thorough level of company-wide security.

Example Efforts

As a corporate provider of testing (verification/evaluation) and translation services, Pole To Win addresses information security with top priority put on protecting information acquired from clients as well as personal information.

As a countermeasure on the technical and operational level, a department is put in charge of conducting in-house security supervision and internal auditing. Auditing mainly consists of checking the status of such factors as the usage of company networks from work computers, access to various company servers, access to the internet, and access to databases that include confidential information. If it is found that someone has violated company rules, they are warned and supervised.

In regards to the actual working environment, different areas of the company are divided into different security levels and entrance regulations are set forth based on the level of security. Confidential and personal information can only be handled in high-level security areas.

High-level security areas are thoroughly managed such as through controlling area access with electric locks, situating desks so that managers can check who enters the area, and prohibiting the carrying of mobile phones.

Using key cards to manage building access

An access management system that uses key cards is installed at the entrance to all rooms where testing and translation takes place. By preventing persons that entered a room without using a key card from exiting, this system deters "tailgating" (more than one person entering/exiting a room together). Also, by pairing the key card system with surveillance cameras every person that enters and exits these areas is recorded.
Using key cards to manage building access

Using fingerprint authentication and digital locks to manage access

Fingerprint authentication and digital lock systems have been installed in areas such as archives where data received from clients has been stored or server rooms in order to manage access to these areas and to create even higher level security areas within the exiting security areas. This higher level of security is maintained by restricting personnel access.
Using fingerprint authentication and digital locks to manage access

Monitoring via surveillance cameras

Working areas, entrances and exits, equipment storage facilities, and other areas are monitored and recorded 24 hours a day, 365 days a year in order to enforce a strict entry/exit management system and prevent information theft.
Monitoring via surveillance cameras

Monitoring via motion sensors

In addition to fingerprint authentication, archive areas where data received from customers is stored also employ a notification system that uses motion sensors to prevent wrongful intrusion when said areas are left unattended.

Photos: Secom Co., Ltd.

Page Top