enigol
About Us
arrow
Access
arrow
Contact
arrow

Information Security Policy

1. Purpose

Enigol Inc. (hereinafter referred to as "the Company") recognizes that appropriately achieving information security and striving to protect information assets is an essential requirement for promoting corporate activities based on social trust, as well as a major social responsibility, given that we use many information assets in conducting our business and managing our employees (hereinafter referred to as "the Business"). Therefore, in view of the importance of information security, the Company has established this Information Security Policy (hereinafter referred to as "this Policy"), and will establish, implement, maintain, and improve an information security management system to specifically implement this Policy.

2. Implementation Items

In accordance with this Policy and the Company's information security management system, the following matters will be implemented:

(1) Information Security Objectives

The Company will formulate information security objectives that are consistent with this Policy and take into account applicable information security requirements and the results of risk assessments and risk responses. These objectives will be communicated to all employees and reviewed as needed in response to changes in the Company's environment, or periodically even if there are no changes.

(2) Handling of Information Assets

  • a) Access privileges shall be granted only to those who need them for business purposes.
  • b) Management will be conducted in accordance with legal and regulatory requirements, contractual requirements, and the provisions of the Company's information security management system.
  • c) Information assets will be appropriately classified and managed according to their importance from the perspectives of value, confidentiality, integrity, and availability.
  • d) Continuous monitoring will be conducted to ensure that information assets are properly managed.

(3) Risk Assessment

  • a) Risk assessments will be conducted, and appropriate risk responses and control measures will be implemented for information assets judged to be most important based on the characteristics of the Business.
  • b) Causes of accidents related to information security will be analyzed, and measures to prevent recurrence will be taken.

(4) Business Continuity Management

Standard business interruptions due to disasters or failures will be minimized, and business continuity capabilities will be ensured.

(5) Education

Information security education and training will be provided to all employees.

(6) Compliance with Regulations and Procedures

The regulations and procedures of the information security management system will be followed.

(7) Compliance with Legal and Regulatory Requirements and Contractual Requirements

Legal and regulatory requirements and contractual requirements related to information security will be followed.

(8) Continuous Improvement

Continuous improvement of the information security management system will be pursued.

3. Responsibilities, Obligations, and Penalties

The Representative Director shall bear responsibility for the information security management system, including this Policy, and employees within the scope of application shall have the obligation to comply with the formulated regulations and procedures. Employees who neglect their obligations or commit violations shall be subject to disciplinary action as prescribed in the employment rules. For partner companies' employees, appropriate responses will be taken in accordance with individually established contracts.

4. Periodic Review

The information security management system shall be reviewed periodically and as necessary to maintain and manage it.

Established: February 1, 2026
Last Revised: February 1, 2026
Representative Director: Kazuhiro Tsujita