SECURITY POLICY
Information security basic policy
GDX Co., Ltd. (hereinafter referred to as "the Company") has the mission of "pursuing and realizing a new form of EC", and is launching and marketing businesses related to online shopping for overseas markets, mainly in Japan and Asia.
To protect the information assets handled in all of our business areas from all threats and to appropriately maintain confidentiality, integrity, and availability, we have established rules conforming to the contents of JISQ27001:2014 (ISO/ IEC27001:2013), Information Security Management System Requirements, and an internal system for operating rules as an "Information Security Management System". We will continually proceed with a series of activities in the information security management system to achieve proper handling and management of information assets and provide trust and reassurance to all our stakeholders.
Definition of information security
We define information security as a process to maintain confidentiality, integrity, and availability of information assets.
Risk assessment
Regarding the information assets the Company holds, we have identified the information security handling risks that can be predicted, according to the procedure stipulated in the company regulations. We have analyzed and evaluated the causes of the recognized risks and determining optimal countermeasures. After that, we prepare and implement handling procedures of the information assets in our business performance. Through the implementation of risk countermeasures, we reduce the identified risks to be under our acceptance level.
Compliance with laws and contractual security obligations
In operating the "Information Security Management System," we comply with laws and regulations related to information security, as well as requirements such as confidentiality agreements with stakeholders, and we take social responsibility in compliance with appropriate information security management.
Information security education and training
We make all employees engaged in the business aware of the importance of information security, and the proper use of information assets. We also provide necessary educational sessions and training to our employees.
Business continuity management
We formulate, test, and evaluate business continuity plans to deal with interruptions in business activities due to serious information system failures or effects of disasters.
Information security incident
We take preventive measures to avert information security incidents.
In the unlikely event, we will take corrective action to minimize the impact by investigating causes and taking prompt actions.
We declare that we will work on information security based on the above policy.
Enactment date: November 1, 2021
GDX Co., Ltd.
Jun Horata, CEO
To protect the information assets handled in all of our business areas from all threats and to appropriately maintain confidentiality, integrity, and availability, we have established rules conforming to the contents of JISQ27001:2014 (ISO/ IEC27001:2013), Information Security Management System Requirements, and an internal system for operating rules as an "Information Security Management System". We will continually proceed with a series of activities in the information security management system to achieve proper handling and management of information assets and provide trust and reassurance to all our stakeholders.
Definition of information security
We define information security as a process to maintain confidentiality, integrity, and availability of information assets.
Risk assessment
Regarding the information assets the Company holds, we have identified the information security handling risks that can be predicted, according to the procedure stipulated in the company regulations. We have analyzed and evaluated the causes of the recognized risks and determining optimal countermeasures. After that, we prepare and implement handling procedures of the information assets in our business performance. Through the implementation of risk countermeasures, we reduce the identified risks to be under our acceptance level.
Compliance with laws and contractual security obligations
In operating the "Information Security Management System," we comply with laws and regulations related to information security, as well as requirements such as confidentiality agreements with stakeholders, and we take social responsibility in compliance with appropriate information security management.
Information security education and training
We make all employees engaged in the business aware of the importance of information security, and the proper use of information assets. We also provide necessary educational sessions and training to our employees.
Business continuity management
We formulate, test, and evaluate business continuity plans to deal with interruptions in business activities due to serious information system failures or effects of disasters.
Information security incident
We take preventive measures to avert information security incidents.
In the unlikely event, we will take corrective action to minimize the impact by investigating causes and taking prompt actions.
We declare that we will work on information security based on the above policy.
Enactment date: November 1, 2021
GDX Co., Ltd.
Jun Horata, CEO
