Information security policy
As an organisation providing Internet related services, an increasingly central social infrastructure, IIJ Europe Limited, (hereinafter called the “Company”) offers its clients secure, reliable and quality services. By doing so, and in joint efforts with its clients, it seeks to pave the way towards a new network society.
In this context, in addition to quality, the Company acknowledges its important responsibility to ensure information security by preserving the confidentiality, integrity and availability of information entrusted to its care by clients as well as its own information. Accordingly, the Company has implemented an appropriate information security management system (ISMS), which conforms to the requirements of ISO/IEC 27001. This ISMS forms part of the Company’s integrated management system, which in addition to ISO/IEC 27001, also conforms to ISO 9001 (quality) and ISO 22301 (business continuity).
Thus, the Company takes a company-wide approach to risk management, covering information security, quality and business continuity, which accords with the risk management principles and guidelines established in ISO 31000 (risk management). The Company’s policies constitute a code of conduct for everyone in the Company. The Company hereby declares that all employees undertake their duties according to ethical standards, in full compliance with these policies. In particular:
- The Company complies with all relevant laws and regulations, and contractual obligations.
- The Company’s Managing Director assumes the responsibilities of a Chief Information Security Officer (CISO) and chairs the Integrated Management System Forum (IMSF), which directs and oversees the information security, quality and business continuity interests of the Company.
- The Company is committed to ensure the competence and awareness of its employees, their contribution to quality, information security and business continuity, and the implications of not doing so.
- The Company has implemented a comprehensive set of risk treatment plans which assist it to manage risk, and maintain its risk exposure within acceptable limits. These plans are regularly reviewed and revised as necessary, to keep pace with changes in threat landscape, technology and the business environment.
- The Company undertakes periodic internal and external audits, and management reviews, and is dedicated to continual improvement.
- Should an incident occur, the Company reacts promptly to minimise any potential damage and recover swiftly, in accordance with its incident management processes and business continuity plans.