Mynavi

BASIC POLICY ON INFORMATION SECURITY

Basic Philosophy

 
Mynavi Corporation (hereafter referred to as the “Company”) conducts business with its purpose, “To create a world that envisions the future by engaging individual potential.” The information assets handled in the Company’s business, including customer information, are extremely important as its foundation for management. Officers, employees who recognize the importance of protecting information assets from risks such as leakage, alteration and destruction, and all persons handling information assets shall comply with this Policy and put activities into practice to maintain information security, including the confidentiality, integrity and availability of information assets.
 

Basic Policy

 
  1. To protect information assets, the Company has established the Basic Policy on Information Security and the Information Security Policy prescribing related rules and regulations, and shall conduct business in accordance with these policies, as well as in compliance with laws, regulations and other rules related to information security and contract items with customers.
  2. Together with clarifying the criteria for analyzing and assessing the risks of leakage, alteration, destruction, etc. that exist for information assets and establishing systematic risk assessment methods, the Company shall conduct risk assessments on a regular basis. And based on the results, necessary and appropriate security measures will be implemented.
  3. An information security system led by a director in charge shall be established, and the authority and responsibilities for information security shall be clarified. Additionally, the Company shall regularly provide education, training, and heighten awareness to ensure that all employees recognize the importance of information security and handle information assets properly.
  4. The Company shall periodically inspect and audit compliance with the Information Security Policy and the handling of information assets, and promptly take corrective action when deficiencies or matters needing improvement are detected.
  5. The Company shall take appropriate measures against information security events and incidents, establish procedures to minimize damage in advance assuming the occurrence of such incidents, respond promptly in case of an emergency, and take appropriate corrective measures. In addition and in particular, business continuity shall be ensured by establishing a framework for the management of incidents which may lead to business interruption and periodically reviewing the framework.
  6. The Company shall establish and implement an information security management system that defines goals to achieve the Basic Philosophy, while continuously reviewing and making improvements.

The Company’s information security management system applies to all information held by the Company, including information itself such as on customers and sales information, as well as to files, emails and other data containing such information, computers such as PCs and servers on which the data is stored, recording media such as CD-ROMs, USB memory sticks, and SD cards and information assets in paper documents.

April 1, 2023

Yoshiaki Tsuchiya

Representative Director, President and Executive Officer

Mynavi Corporation