At Set International Co. Ltd (hereinafter referred to as “the Company”), information (including personal information and specific personal information) and information systems (hereinafter referred to as “information assets”) are the most important assets. We must take thorough security measures and utilize these assets effectively.
In order to maintain and continue the relationship of trust we have built with our customers over many years and to create new assets with keen sensitivity and creativity, we must never allow incidents such as information leaks to occur. In addition, it is necessary to ensure security while introducing new working methods.
Information assets are distributed and shared within the company, and an Information Security Management System (ISMS) is essential for proper management. Therefore, the company promotes the ISMS in accordance with the following guidelines:

1. Definition of information security

Information security is defined as the protection of information assets from threats and ensuring and maintaining the “confidentiality”, “integrity” and “availability” of information.

2. Purpose of information security

The purpose of information security is to protect the information entrusted to us by our customers and the company’s information assets and to manage risks appropriately in order to gain the trust of those involved.

3. Goals for information security

We set ourselves targets to improve the effectiveness of information security management measures and raise employee awareness of information security. We want to achieve these goals through the PDCA cycle in order to realize an effective ISMS.

  • Implement appropriate information security management to prevent information security incidents.
  • Minimize damage and recover quickly in the event of an information security incident and prevent recurrence.
  • Ensure that all employees are aware of their responsibilities and procedures in relation to information security and are adequately trained.

4. Scope of application

The scope includes all information assets that the company manages as part of its business activities. The target group includes all persons who handle these information assets. Teleworkers and external contractors are also covered by this policy through contractual agreements.

5. Organizational structure of information security

In order to manage the risks comprehensively, the President appoints a Chief Information Security Officer (CISO) as the person responsible for information security. The CISO establishes and oversees the “Information Security Committee (IS Committee)”. The IS Committee conducts awareness activities and assessments related to information security, seeking approval from the CISO and final approval from the President. The CISO reports to the President as required to establish, implement, maintain and continuously improve the information security management system.

6. Identification of assets and risk assessment and selection of management measures

The CISO and the IS Committee identify the assets managed by the company and their responsible managers. They conduct risk assessments of the identified business processes and select appropriate and suitable management measures to protect these assets. The CISO and the President examine how to proceed in the event of incidents involving assets.

7. Compliance with laws and regulations

The company diligently complies with information security laws and regulations, including the Personal Data Protection Act, the Copyright Act and laws prohibiting unauthorized access, as well as industry guidelines, company regulations and contractual security obligations with business partners.

8. Obligations of the employee

All employees of the company must act in accordance with the information security policy, the ISMS manuals and the standards. Violations will result in disciplinary action.

9. Training

Under the direction of the Information Security Manager, all employees, delegates of the company and employees of external contractors are thoroughly informed about this policy and continuously trained to ensure information security.

10. Business continuity management

To minimize business disruption due to security incidents and ensure business continuity, the company implements a business continuity plan to ensure the continuation of its operations.

11. Continuous improvement

The company conducts regular internal and external audits to objectively assess the rationality of information security measures and makes the necessary changes to continuously improve.
