Information Security Policy
CHUGOKU MARINE PAINTS, LTD. and its consolidated subsidiaries (hereinafter referred to as the “CMP Group”) have established this Information Security Policy with the aim of systematically and continuously addressing information security challenges. This policy is designed to protect information assets from threats such as accidents, disasters, and crimes in today’s advanced information society, enabling us to provide products and services that satisfy our customers while upholding the trust placed in us by both our customers and society.
1. Development of Internal Frameworks and Information Security Standards
The CMP Group shall establish the necessary management framework to maintain and improve information security, and formulate the required information security standards as internal rules.
2. Compliance with Laws, Ordinances, and Contractual Requirements
The CMP Group shall comply with the laws, ordinances, and regulations in force in the regions where it operates, as well as with its internal regulations, and shall implement controls over information systems and related data in accordance with the universal ethics upheld by socially responsible enterprises. The CMP Group shall also comply with information security requirements stipulated in contracts with customers.
3. Establishment of Appropriate Information Systems
The CMP Group strives to reduce internal control risks that could impede the achievement of its business objectives. It adopts information systems that maintain reliability, safety, and functionality, and implements appropriate technologies and information security measures that are consistent across the organization.
4. Employee Initiatives
Employees of the CMP Group shall acquire the knowledge and skills necessary for maintaining and improving information security, thereby ensuring the effectiveness of the CMP Group’s information security initiatives.
5. Responding to Violations and Incidents
The CMP Group shall establish a framework for responding to violations of laws, ordinances, regulations, standards, and customer contracts related to information security, as well as to information security incidents, in order to mitigate their impact.
