Information Security

ISO 27001: 2013 Certification

Sony Network Communications Inc. acquired ISO/IEC 27001: 2013 and JIS Q 27001: 2014 certification for information security management systems (ISMS) in June 2015.

This certification was granted following a transitional review by the International Organization for Standardization (ISO), which issued ISO/IEC 27001: 2013 in October 2013.

In 2003, we became the first domestic Internet Service Provider (ISP) to obtain BS7799-2: 2002 certification, demonstrating our commitment to information security.

In accordance with our information security policy, we will continue to improve the quality of our services through ISMS activities and contribute to the improvement of the overall security of the Internet through customer awareness campaigns and cooperation with industry associations.

Information Security Policy (Basic ISMS Policy)

1.

Scope of application: This policy applies to our business administration and Internet-related services.
Information assets include personal information, information as management resources, such as technology and know-how (documents, data, etc.), information systems, and related facilities/equipment.

2.

Major Initiatives for Information Security

Major initiatives to ensure external trust and internal information security are listed below.

Positioning personal information as our most important information asset and implementing appropriate protection and management measures.
Enhancing our understanding of the threats and vulnerabilities associated with information assets through proper risk assessment.
Operating ISMS effectively and reducing security risks to acceptable levels.
Complying with the Privacy Mark System, Telecommunications Business Law, Copyright Law and ISMS related regulations.
Completing erasing data from discarded PCs and recording media to prevent the leakage of management information.
Controlling access from unauthorized parties to prevent the falsification or leakage of management resources.
Increasing system availability by reducing computer virus infections and system failures.
Enhancing service quality through ISMS activities.
Establishing, maintaining and reviewing business continuity plans.
Conducting information security education and training for all employees.

3.

Security Committee (SEC Committee): We will establish a Security Committee in order to formulate risk assessment standards and structures, provide direction for matters concerning confidentiality, integrity, and availability, and to ensure that protective measures are implemented and reviewed throughout the company in accordance with this Information Security Policy.

4.

Management Responsibility: In order to facilitate the smooth promotion of information security management, the SEC Secretariat shall establish and maintain ISMS under the direction of the Chairperson and the SEC Committee. Departments implementing security measures shall formulate, implement and evaluate information asset protection measures within their respective departments and work to continuously improve ISMS.

5.

Obligation of all employees: All employees involved in the management of information shall have a thorough knowledge of and comply with this Information Security Policy and ISMS regulations. Any employee violating these regulations shall be subject to disciplinary action in accordance with disciplinary regulations.

6.

Audits: The Internal Audit Manager shall periodically verify that each department is in compliance of our Information Security Policy and the Information Security Management Manual.

Date established: February 5, 2003
Revised: April 1, 2024
Sony Network Communications Inc.
Noriyoshi Nakagawa, President and Representative Director

Acquired Certifications/ Standards: ISO/IEC 27001:2013
JIS Q 27001:2014

Certifying body: ANAB (ANSI National Accreditation Board)
the Japan Institute for Promotion of Digital Economy and Community

Certification number: IS 571190

Registration date: 27-Jun-03