
SECURITY POLICY
Our company's raison d'être is to contribute to society through our business in the spirit of coexistence and co-prosperity, and we recognize the importance of protecting various information assets, including customer information handled in our business. We have established the "Basic Information Security Policy" approved by our management as the basic policy for building an information security system, and we will build, introduce, establish and maintain an information security management system (hereinafter referred to as ISMS), and will continually improve it.
​
1. Definition of Information Security
Information security refers to maintaining the confidentiality, integrity, and availability of information and appropriately protecting information assets.
​
2. Purpose of information security
We believe that information assets are the most important thing to protect in our business activities, including our call center business and inside sales business, and we aim to properly protect information assets from a wide range of threats that may occur intentionally, accidentally, or due to the environment (naturally).
3. Scope of application
The scope of application covers all information assets under our control.
​
4. Basic Policy
In order to reduce the risk to information assets to an acceptable level as a company, we will set basic information security policies and information security goals. Based on these policies and goals, we will formulate, implement, evaluate and analyze ISMS plans and continually improve them.
​
We clearly identify the information security measures required by the company's business operations and laws and regulations, as well as contractual information security obligations, and comply with them as our company responsibility.
In order to establish and maintain the ISMS, the company must develop an organizational structure for information security, an environment for risk management of information assets, and a system for implementing information security education and training to raise employees' awareness of information security. In order to do so, the company's management must provide sufficient management resources.
​
Establish criteria for evaluating risks, define risk management procedures, and perform risk assessments of information assets. In the risk management procedures, risk evaluation criteria are set and management determines the acceptable level of risk.
​
​
​
​
​
​
​
​
​
​
​
​
The Privacy Mark is a certification system for handling personal information.
Our company has been granted the Privacy Mark certification by the Japan Information Processing Development Corporation.
​
April 1, 2008
Upsell Technologies, Inc.
Representative Director: Masaki Ehara
