musicomusico
日本語

Security Policy

MUSICO Inc. (hereinafter referred to as "the Company") recognizes that our information assets (customer information, employee information, systems, networks, etc.) are exposed to various threats, both external and internal, and positions their protection as one of our most important management priorities.

The Company establishes the following Security Policy (hereinafter referred to as "this Policy") and strives to ensure, maintain, and improve information security.

1. Scope of Application

This Policy applies to all officers and employees of the Company (including part-time workers, temporary staff, and dispatched workers) and our business contractors. It covers all information assets (information systems, networks, data, hardware, software, etc.).

2. Establishment of Information Security Framework

The Company appoints an Information Security Officer (such as CISO) to oversee information security management. We aim to continuously improve our security level by conducting regular risk assessments and establishing, operating, and reviewing policies, regulations, and procedures related to information security.

3. Risk Assessment

The Company conducts risk assessments by properly evaluating the value of information assets and assessing potential threats and vulnerabilities. Based on the assessment results, we prioritize and implement or improve necessary security measures.

4. Access Control

The Company properly manages access rights to information assets and prevents unauthorized access.

  • Clear management processes for granting, modifying, and revoking access rights
  • Implementation and operation of password policies (regular changes, complexity requirements, etc.)
  • Thorough management of accounts for departing employees and transfers

5. Technical Security Measures

The Company implements the following technical measures to protect information systems and networks:

  • Implementation and operation of firewalls and Intrusion Detection/Prevention Systems (IDS/IPS)
  • Installation of antivirus software and regular scanning
  • Use of encrypted communications (SSL/TLS, etc.)
  • Application of latest security patches and regular vulnerability assessments

6. Physical and Environmental Security

The Company implements the following physical and environmental measures to prevent unauthorized access, theft, and destruction of information assets:

  • Access control for server rooms and offices (IC cards, security gates, etc.)
  • Installation of locking facilities and security cameras
  • Establishment of backup systems and fire/earthquake-resistant facilities for fire and disaster preparedness

7. Personnel Security and Training

The Company implements the following personnel management and training to maintain and improve information security:

  • Documentation of compliance matters such as confidentiality obligations in employment and service contracts
  • Explanation and management of information security compliance matters during employee onboarding, employment, and departure
  • Regular information security training and study sessions

8. Operation Management and Incident Response

The Company ensures stable operation of information assets and responds quickly and appropriately to minimize damage in the event of security incidents (information leaks, system failures, unauthorized access, etc.).

  • Establishment of reporting and communication systems for incidents
  • Investigation of causes, identification of impact scope, and implementation of preventive measures
  • Regular review of audits and records (logs)

9. Management of External Contractors

When outsourcing part of our operations, the Company enters into information security agreements and manages and supervises contractors to ensure they maintain information security at a level equivalent to this Policy.

10. Continuous Improvement

The Company reviews and continuously improves information security measures, including this Policy, in accordance with changes in social conditions, technological advancements, and legal and regulatory requirements.

11. Response to Violations

If violations of this Policy or related regulations are confirmed, the Company will take strict disciplinary action in accordance with employment rules and may take legal measures as necessary.

12. Inquiries about Security Policy

For inquiries regarding this Policy, please contact us at:

【MUSICO Inc.】

1-12 Udagawacho, Shibuya-ku, Tokyo 150-0042

E-mail: info@musico.co.jp

(Business hours: Weekdays 9:00-17:00)

Homepage
Security Policy