- Home>
- Information Security Basic Policy
Information Security Basic Policy
Information Security Basic Policy
1. Declaration
C-Square Co., Ltd. (hereinafter referred to as the “Company”), based on its corporate philosophy, shall strive to ensure and enhance the confidentiality, integrity, and availability of all information assets,
and to meet the trust of customers and society as a whole.
To this end, the Company hereby establishes this Information Security Basic Policy (hereinafter referred to as the “Policy”). Based on this Policy,
the Company shall establish an information security management system, promote awareness and understanding of information security through education and training for all officers and employees,
and build a management system that responds to social requirements and changes in the environment, including cybersecurity risks, while continuously working to improve it.
2. Scope of Application
This Policy applies to all information assets related to the business activities managed by the Company, including those involving contractors and external services.
3. Compliance with Laws and Regulations
The Company shall comply with the Act on the Protection of Personal Information, the My Number Act, the FISC Security Guidelines, and other laws, regulations, guidelines established by the government,
and other standards related to information security.
4. Establishment of Information Security Management System
To protect and appropriately manage information assets, the Company shall establish an information security management system and an emergency response framework for security incidents.
The Company shall also appoint an information security officer and build an information security promotion framework led by management.
5. Establishment of Information Security Regulations
To protect and appropriately manage information assets, the Company shall establish regulations related to information security and ensure that all officers and employees are fully informed of them.
6. Implementation of Information Security Measures
The Company shall strive to prevent information security incidents by implementing appropriate information security measures according to the nature of each information asset.
In the event of an incident, the Company shall respond promptly, minimize damage, and take measures to prevent recurrence.
7. Implementation of Cybersecurity Measures
The Company recognizes increasingly sophisticated and advanced cyberattacks as a significant management risk.
The Company shall endeavor to strengthen cybersecurity measures, including the establishment of multi-layered defenses such as protection against unauthorized network intrusion and appropriate access controls,
as well as the development of a framework capable of responding to threats.
8. Implementation of Information Security Education and Training
The Company shall provide education and training to all officers and employees to ensure their recognition of the importance of information security and to enable the proper use and management of information assets.
Through such education and training, the Company shall ensure that necessary knowledge and skills for information security are acquired and that information security initiatives are firmly established.
9. Risk Assessment of Information Assets and Continuous Improvement
The Company shall maintain its information security initiatives and, in order to respond to changes in the business environment and social conditions,
regularly evaluate its information security management system and the implementation status of security measures, and continuously seek improvement.
10. Management of Contractors and External Services
The Company shall appropriately manage information security risks in its supply chain,
including contractors, business partners, and cloud services, and shall ensure an appropriate level of security through audits and contractual provisions as necessary.
11. Response to Violations and Incidents
In the event of any violation of laws and regulations, breach of contract, or incident related to information security, the Company shall respond appropriately and strive to prevent recurrence.
In the event of a serious information security incident, the Company shall promptly report to management, analyze the cause, and formulate measures to prevent recurrence.
12. Ensuring Business Continuity
The Company shall develop, conduct training for, and review BCP/DR plans to ensure the continuity of critical business operations even in the event of large-scale system failures or disasters.
13. Audit and Evaluation
The Company shall regularly conduct internal audits regarding the operation of this Policy and, as necessary, undergo external audits and strive for improvement.
Revision Dates
November 1, 2021
December 21, 2023
Representative Director Jeff Jung
- C-Square Inc.
- Through our comprehensive services from planning/design, implementation, operation and support, we promise to create safe, reliable, and speedy information systems with our global and friendly services, processes, and support structure based in Japan and Korea.
Search by Services
Web Integration
Mobile Integration