JERA Group Information Security Basic Policy
JERA Co., Inc. and JERA Group companies (hereinafter referred to as "JERA Group") believe that our mission is to contribute to better lives of people and bring vitality to economies and industries all over the world through the globally competitive supply of power and energy.
Understanding that utilization and exploitation of information technology is indispensable for the realization of this mission, and aiming to protect our information assets adequately and enhance security of our transactions, we hereby define our "Information Security Basic Policy" (Hereafter called "This Policy") to have it fully implemented throughout the corporation.
(Scope of Applicability)
This Policy shall apply to all JERA business sites and personnel engaged in JERA business activities who may have accessibility to our information assets, including but not limited to executives, employees and staff on duty.
We shall observe and comply with all applicable laws, regulations and standards on information security as well as JERA-defined rules and contractual requirements, and take strict disciplinary action against anyone in breach of these obligations.
We shall appoint and hold accountable person(s) from top management to install and fully implement our information security management structure.
(Precautions and Countermeasures)
We shall identify such risks as leak, alteration, destruction and/or unauthorized use of our information assets, and take necessary physical, technical, operational, and human precautions and countermeasures.
In the unlikely event of any incident or problem related to information security, we shall respond quickly to contain the damage to a bare minimum, perform root cause analysis and take recurrence prevention measures.
(Education and Enlightenment)
We shall provide proper education on information security to all personnel including but not limited to executives, employees and staff on duty to ensure that they are fully and thoroughly informed about the relevant laws, regulations, This Policy and related rules.
We shall continue to improve This policy, relevant rules and management structure based on the findings of periodical internal audit and/or assessment so that we be ready and prepared to handle new threat to our information security and/or change of environment.