Policy on Information Security
1. Introduction
In business, having the right information at the right time can make the difference between profit and loss, success and failure. Therefore, Chuo Translational Science (CTS) Management recognizes information as a key corporate asset.
This Information Security Policy expresses CTS Management’s commitment to adequate protection of all information assets valuable to CTS from all threats, whether internal or external, deliberate or accidental.
It addresses information in any form and aims in particular at ensuring the
– Availability,
– Integrity and
– Confidentiality
of information, to the extent required by the business.
2. Scope
Information takes many forms and includes data stored on computers, trans-mitted across networks, printed out or written on paper, sent by fax, stored on magnetic or optical media or spoken in conversations or over the telephone, etc. It can also consist of work-knowledge or ideas, or it can be represented in material substances and goods.
Information considered in the context of this Policy comprises both Company internal and external information as well as information assets. Information assets include the resources used to capture, process, store, archive, transport, present and/or destroy information.
3. Basic Principles
CTS Management is committed to the following principles:
- The approach to Information Security is business-driven, risk-oriented and in accordance with established good practice.
- All forms of information, whether computerized or not, are to be protected coherently.
- Security measures should be effective, consistent and cost justified.
- Regulatory and legal requirements must always be met.
- Responsibility for Information Security is directly assigned to the CEO of CTS.
- This policy will be complemented by further regulations on specific Information Security issues.
- All employees are responsible for observing the Information Security Policy and the pertaining regulations in accordance with their functions and authorities.
- Deviations from this Information Security Policy or the pertaining regulations and any security breaches must be reported to CTS Management.
4. Validity
This Information Security Policy is valid as of June 1, 2019.