Basic Compliance Policy
KAYAC Inc. (hereinafter referred to as “the Company”) sees compliance to be an importance management issue and has set forth and is implementing the following Basic Compliance Policy.
The purpose of the Basic Compliance Policy is to raise the awareness of compliance within the Company and among the Company’s officers, regular employees, contract employees, part-time employees, outsourced employees and other temporary employees (hereinafter referred to as “officers and employees”) and to achieve fair and appropriate management through the implementation of compliance.
Ensuring Legal Compliance
The Company and the Company’s officers and employees shall base all of their actions on compliance and strictly observe laws, regulations, social norms, and company rules, etc.
Establishment of Company Rules, etc.
The Company shall establish Compliance Rules and a Compliance Manual.
Dissemination and Education
The Company shall make an effort to raise awareness on and knowledge of compliance throughout the entire Company by ensuring compliance information is disseminated to the Company’s officers and employees. Furthermore, company training on compliance shall be provided to officers and employees.
Response to Compliance Violations
The Company will strictly address compliance violations and acts suspected to be compliance violations.
The Company shall make ongoing improvements to rules and manuals including this Basic Policy.
Information Security Policy
KAYAC Inc. (hereinafter referred to as “the Company”) sees ensuring information security to be an importance management issue, and has set forth and is implementing the following Information Security Policy.
Article 1 (Purpose)
The purpose of this Policy is to prevent damage to the Company's information assets and to increase the security and reliability of the services provided by the Company by implementing appropriate information management for ensuring the confidentiality, integrity and availability of all information assets in the Company.
Article 2 (Legal Compliance)
The Company shall comply with laws, regulations, and rules, etc. concerning information security.
Article 3 (Organization)
The Company shall establish an “Information Committee” (hereinafter referred to as “the Committee”) to promote information security management.
Composition of the Committee
The chairperson shall be a person who nominated by the executive officers meeting.
In principle, members shall be chosen from among department heads.
Personnel responsible for security measures shall be appointed, and they shall serve as the secretariat.
Roles of the Committee
Updating policies and procedures, etc. related to information security
Information gathering and monitoring concerning threats to information assets
Confirming the status of operation of policies and procedures, etc. related to information security
Article 4 (Operation of Policies and Procedures, etc. Related to Information Security)
The Company shall stipulate information security standards according to the content of information assets, and make an effort to ensure information security. Furthermore, the Company shall periodically conduct internal audits to evaluate the state of operation.
Article 5 (Dissemination and Education)
The Committee shall ensure that information on information security is disseminated to the Company’s officers and employees including officers, and to officers and employees of partner companies, and make an effort to raise the level of awareness, knowledge and technology, etc. concerning information security throughout the entire company.
The Basic Policy shall be disclosed to all officers and employees including the officers and employees of partner companies. The disclosed documents shall be revised as appropriate, and always available for viewing in their updated condition.
The necessary education shall be provided to all personnel involved in the Company’s information assets. Information security training shall be provided to officers and employees.
Article 6 (Ongoing Improvement)
The Company shall review and make ongoing improvements to all information security measures including this Basic Policy by conducting internal audits and formulating business plans.