GMO Trust Information Security Policy
GMO-Z.com Trust Company, Inc. (hereinafter referred to as "our company") is committed to protecting information assets from various threats and will strive to maintain a rigorous information security policy.
1. Objective of Information Security Policy
"Information assets" covered by this policy are all information learned, obtained and stored during our corporate activities. Directors, officers, employees, temporary staffs, and subcontractors and their employees who handle our information assets must comply with this Information Security Policy.
2. Establishment of information security management structure
Establish a highly secure information security management structure to gain the society's confidence at any time through making every possible effort to protect all information assets held by our company and comply with the information security-related statutes and other rules.
3. Assignment of Chief Information Security Officer
The CISO is responsible for managing all aspects of information security, including the management of Nonpublic Information.
4. Establishment of information security rules
Establish rules based on Information Security Policy to demonstrate and set a strict policy for information assets in general, as well as keep internal and external stakeholders informed to prevent information leakage.
5. Development and enhancement of audit structure
Develop a robust audit function that can perform several tasks necessary for this Information Security Policy. In addition, from time to time, our company conducts third-party audits to obtain more objective evaluations. By performing these audits in a planned manner, our company affirms compliance with our security policies.
6. Implementation of a system with thorough information security measures
Implement a system that reflects thorough measures to prevent unauthorized intrusion, leakage, falsification, loss, destruction, and obstruction of the use of information assets. As a measure, our company thoroughly manages access to data and systems, such as working in a high-security area, granting access rights based on roles, and restricting database access rights.
7. Enhancement of information security literacy
Ensure thorough information security education and training to our employees to ensure everyone accessing our information assets can carry out their duties with information security literacy. In addition, our company will continue to provide education and training to cope with ever-changing situations.
8. Strengthen the management structure of outsourced contractors
Request outsourcing agents to keep a security level equivalent to or more than that of our company by comprehensively examining the eligibility of the agents when outsourcing operations. In addition, to confirm that these security levels are appropriately maintained, our company will continuously review our subcontractors and strive to strengthen our relationship.
Supplementary provision
This information security policy will come into effect on October 7, 2022.