Commitment to Information Security

Basic Policy on Information Security

Primagest,Inc. is deeply aware of the importance of protecting the information assets of customers and other parties. We handle and formulate an information security policy that acts as a foundation for building an information security management system which provides a mechanism to achieve this objective. All personnel engaged in its operations comply with the regulations on this information security management system. The regulations are enforced and maintained and their operation status is audited in an effort to continuously improve the system.

1. Commitment to Information Security
  With an understanding that ensuring information security is one of the most critical tasks of management, as well as a corporate social responsibility, Primagest will ensure that every person engaged in its operations will be committed to it.
2. Information Security Policy
 

To build an information security management system aimed at protecting information assets, Primagest will set out an information security policy that serves as a foundation for the system. It will comply with it and continuously review it to improve its services.

3. Protection of Information Assets
 

Primagest will institute appropriate management measures according to the state of individual operations to unfailingly protect information assets from any threat to its confidentiality, integrity and availability.

4. Compliance with Laws and Regulations
  Primagest will comply with applicable laws and regulations, other rules and contractual requirements in order to ensure information security.
5. Education and Training
  Primagest will offer education and training to personnel engaged in its operations in order to improve their awareness of information security and familiarize them with the information security policy.
6. Prevention of Accidents and Actions
 

Primagest will run its information security management system to ensure that every single employee works to prevent information security accidents from occurring. Should an accident take place, we will swiftly implement appropriate actions, including those for preventing recurrence.

7. Auditing
  Primagest will regularly audit the operation of its information security management system and carry out remedial actions as needed to maintain information security.
8. Continuous Improvement
  Every year we set information security goals, define and plan activities to achieve those objectives, then, according to periodical review results, set the following year’s goals. In addition, we regularly evaluate and review our Information Security Policy, its related internal regulations and our management system, pursuing continuous improvement of information security.

June 1, 2006

Primagest,Inc.
Representative Director and President Kiyohiro Miisho

 

Basic Policy on Protection of Personal Information


Primagest,Inc. (BTJ) is a leader in image solutions, providing numerous customers with solutions for processing document image data. BTJ takes utmost care in handling information obtained to maintain its confidentiality. BTJ is aware that personal information is particularly important not only to the person it represents but also to BTJ itself. In this light, BTJ will carry out corporate activities with a high level of transparency to justify the trust of all those who have offered their personal information to BTJ by establishing and complying with the management system for protecting personal information it handles in its operations.
BTJ will deal with personal information in accordance with the protection policy stipulated as follows.

Established on May 6, 2006

Amended on April 1, 2007 (fourth edition)

Primagest,Inc.

Representative Director and President Kiyohiro Miisho


1)

Personal information acquired by BTJ will be used for the purposes announced and consented to at the time the information is acquired by those who have provided the information. It will not be used for any other purpose. Personal information will not be offered to third parties without the approval of the person providing the information.

Personal information obtained from customers for performing any test on systems operation, for converting personal information into image or text data, or for providing outsourcing services for similar processing will also be handled within the scope necessary to fulfill the purposes under the applicable agreement. It will not be used for any other purpose.

To enforce the above, BTJ will implement regular checks on the status of personal information handling performed by personal information protection administrators, as well as internal auditing on the personal information protection and management system performed by personal information protection auditing managers.

2) With respect to operation of the personal information management system, BTJ will comply with the Personal Information Protection Act, related guidelines, local government ordinances concerning protection of personal information, industry guidelines and JIS Q 15001 requirements.
3) BTJ will introduce an appropriate and reasonable level of security measures for all personal information handled for its operations against unauthorized access and other risks to prevent loss, destruction, falsification, divulgence, etc. In doing so, BTJ will strive to protect the personal information of all those who have provided it and put in place appropriate control. If any incident involving personal information occurs, BTJ is ready to take prompt action to contain the damage and then to analyze the causes of the incident to identify and remedy issues with current practice and institute procedures to prevent a recurrence.
4) BTJ will continue to review and upgrade its personal information protection and management system in response to changing circumstances and progress in information technology.
5) BTJ will properly respond to inquiries or complaints about its handling of personal information through the Personal Information Protection Inquiry and Consultation Helpdesk, detailed below.
 

Personal Information Protection Inquiry and Consultation Helpdesk

Phone: 044-578-5115 (weekdays 9:00-17:30)  e-mail: privacy@primagest.co.jp
Personal Information Protection Inquiry and Consultation Helpdesk, Planning Department


 

 

Primagest has obtained ISO 27001 certification.

On September 1, 2006, Primagest obtained certification for ISO/IEC 27001 (formerly ISMS/BS 7799), an international standard for information security management systems.

Corporate activities today must be increasingly globalized. Primagest believes that offering services based on the international ISO/IEC 27001:2005 standard is highly effective for maintenance and improvement of information security levels.
In the future, Primagest will be working to further enhance and upgrade its information security management system and thereby provide securer and more beneficial services.

Standard concerned ISO/IEC 27001:2005
Name of the certified organization Primagest, Inc.
Registration number JQA-IM0370
Scope of certification registration Sale of system solutions, development of applications, hardware and software maintenance and outsourced image data processing
Date of registration September 1, 2006
Examining institution Japan Quality Assurance Organization (JQA)
Certification symbol ISO/IEC 270001