Information Security Policies

The Center considers the protection and safe management of information assets related to supercomputer systems (hereinafter referred to as “the computer systems”) to be an important issue.

We will declare and comply with the “Information Security Policy” in order to protect information assets and take appropriate safety management measures.

Target information assets shall be data stored in the computer system and information obtained from users of the computer system.

1. Establishment of information security management system

The Center has established an Information Security Committee chaired by the Chief Information Security Officer (CISO).

2. Development of operational bylaws

The Center has established operational rules for information security and makes them known to those involved in the operation of computer systems.

3. Daily monitoring

The Center routinely monitors the protection and secure management of information assets and takes action on any violations.

4. Implementation of information security measures

The Center implements security measures from the perspective of organizational, human, physical, and technical safety management measures in order to prevent accidents such as unauthorized access to and leakage of information assets.

5. Improving information literacy

The Center regularly provides education to those involved in the operation of computer systems to improve information literacy.

6. Selection of an appropriate subcontractor

When outsourcing the operation of computer systems, the Center selects subcontractors that possess the Privacy Mark and ISO/IEC 27001 certification.

7. Implementation of continuous improvement

The Center will periodically evaluate the above initiatives and continuously improve its information security management.

8. Handling of information assets

The Center will not provide the data stored in the computer system or the information obtained from the users of the computer system, information assets, to anyone other than those involved in the operation of the system without the consent of the users.