Basic Policy on Information Security

Basic philosophy

Nitori Co., Ltd. considers its mission to be building its business as a “lifestyle proposal company” for its customers, and to fulfill its social responsibility as a firm that handles customer information, Nitori aspires to be a company its customers can truly trust to strictly manage and protect the information assets of the Company and its customers.
In the course of managing its business activities centered on the planning and sale of furniture and interior merchandise, interior coordinating for newly-built residential homes, sales of products imported from overseas and developed overseas, and advertising and public relations, Nitori Co . Ltd. utilizes its own unique information assets and receives information assets from other sources, including personal information provided by customers. The Company considers protecting these information assets from external threats to be one of its highest priority management issues.
Nitori Co., Ltd. therefore has prepared a Basic Policy on Information Security. The Company policy is important to build and manage an information security management system, and take all necessary protection measures and appropriate security precautions for its information assets, including personal information, based on this Basic Policy, and the Company hereby declares its approach to information security.

Objective

This Information Security Basic Policy has been prescribed as the basic policy for preparing and managing an information security management system in accordance with the JIS Q 27001:2006 (ISO/IEC 27001:2005) standard for the purpose of protecting the information assets of customers and the Company from all intentional or accidental internal and external threats and continuing stable business operations.

Basic Policy

  1. Creation of an information security management system Nitori Co., Ltd. shall create an information security management system (ISMS) that includes the following actions.
    • Clarify the Company’s information assets, analyze the risks that might arise for each asset and implement appropriate management policies including measures against unauthorized computer access, anti-virus measures, measures to prevent leaks, and reliability measures.
    • Comply with all laws, standards, requirements based on agreements and internal rules related to information security.
    • Establish an information security management organization and continuously implement and improve its activities.
  2. Information security management organization
    • Nitori shall designate an ISMS administrator who will have overall responsibility for the information security management system. The ISMS administrator shall guide the organization with regard to the construction and management of the information security management system, including reporting of security events and accidents, and be responsible for its control.
    • Nitori shall establish an ISMS Committee to ensure it accurately understands information security conditions at all levels of the Company and can promptly implement necessary measures.
  3. Protection of personal information
    Nitori Co., Ltd. shall carry out personal information protection measures based on its Personal Information Protection Policy for personal information administered in all of the Company’s business activities, and take the necessary protection and appropriate security measures.
  4. Education, training, and thorough information dissemination measures concerning information security
    Nitori Co., Ltd. shall provide regular education and training for company directors and employees concerning information security, and seek to achieve thorough dissemination of information concerning the importance of information security and appropriate administration and control.
  5. Review of the information security management system
    The Company shall regularly conduct reviews to ensure the information security management system is being managed correctly and reliably.
  6. Response to security accidents
    When an information security-related accident occurs, the individual who discovers the accident shall promptly report the details to the ISMS administrator, and take emergency measures if necessary. The administrator shall analyze the cause of such information security accidents and implement measures to prevent a recurrence.
  7. Business continuity management
    The Company shall ensure the continuity of its business by restricting, to the extent possible, the interruption of its business resulting from causes such as disasters, breakdowns and negligence that occur by accident and the intentional misuse of information assets.
  8. Measures to prevent violations of this Basic Policy
    Employees of the Company shall conduct themselves in accordance with this Basic Policy, and if they have violated this Basis Policy shall be subject to discipline based on the Company’s Work Rules.

September 21, 2008
Nitori Co., Ltd.
President and Representative Director Akio Nitori

Return to top of page


Reproduction or quotation of any materials from the site without permission is strictly forbidden. All the materials are protected by the Copyright Law of Japan and international treaties. Copyright 2009 NITORI. All rights reserved.Never reproduce or republicate without written permission.