BridgeAZ, Inc. (hereafter referred to as “this firm”) recognizes that information assets, including valuable customer information handled in the course of its business, are extremely important to the management of this firm in order to provide better products and services to its customers and to maintain their trust. This firm recognizes the importance of protecting these information assets from risks such as leakage, damage, and loss, and all employees will comply with this basic policy and practice activities to maintain the confidentiality, integrity, and availability of information assets.
- In order to protect information assets, we will formulate an information security policy and conduct our business in accordance with this policy, and at the same time, we will comply with laws, regulations, and other standards related to information security, as well as with the terms of our contracts with our customers.
- We will establish a systematic risk assessment method and conduct periodic risk assessments by clarifying the criteria for analyzing and evaluating the risks of leakage, damage, loss, etc. that exist for information assets. Based on the results of the assessment, we will implement necessary and appropriate security measures.
- We will establish an information security system led by the employees in charge, and clarify the authority and responsibility for information security. In addition, we will regularly provide education, training and awareness-raising programs to ensure that all employees recognize the importance of information security and handle information assets appropriately.
- The status of compliance with the Information Security Policy and the handling of information assets shall be checked and audited on a regular basis, and corrective or preventive measures shall be promptly taken for any deficiencies found or items for improvement.
- We will take appropriate preventive measures against the occurrence of information security events and incidents, and in the unlikely event that they do occur, we will establish procedures for minimizing damage in advance, and in the event of an emergency, we will respond promptly and take appropriate corrective measures.
- We will establish an ISMS, an information security management system, and implement it, while continuously reviewing and improving it.