Capy Inc. (hereinafter referred to as "our company") conducts business with the idea of realizing a society where all people can use web services with peace of mind through information security technology and live affluently.
Persons who handle information assets, including officers and employees who recognize the importance of protecting information assets from risks such as leakage, damage, and loss, comply with this policy, and the confidentiality and completeness of information assets. We carry out activities to maintain information security such as availability.
1. In order to protect information assets, we will formulate an information security policy, operate in accordance with it, and comply with laws, regulations and other norms related to information security, as well as contract terms with customers.
2. We will clarify the criteria for analyzing and evaluating the risks of leakage, damage, loss, etc. that exist in information assets, establish a systematic risk assessment method, and carry out risk assessment on a regular basis. In addition, based on the results, we will implement necessary and appropriate security measures.
3. We will establish an information security system centered on the officer in charge and clarify the authority and responsibilities related to information security. In addition, all employees are aware of the importance of information security and regularly educate, train and raise awareness to ensure the proper handling of information assets.
4. We will regularly inspect and audit the status of compliance with the information security policy and the handling of information assets, and promptly take corrective actions for any deficiencies or improvement items found.
5. In addition to taking appropriate measures against the occurrence of information security events and incidents, in the unlikely event that they occur, we will establish a response procedure in advance to minimize damage, and promptly in the event of an emergency. We will respond and take appropriate corrective action. In particular, for incidents related to business interruption, we will establish a management framework and regularly review it to ensure the continuity of our business.
6. We will establish an information security management system that sets goals to realize the basic philosophy, implement it, and continuously review and improve it.
Established on July 1, 2020
President and CEO Mitsuo Okada