Information Security Policy
1. Purpose At BuyChemJapan Corporation (hereinafter “we” or “the Company”), we recognize that safeguarding our information assets is essential to conducting our chemical business, which includes developing and managing a digital platform for the chemical industry, facilitating import/export and sales of chemical products, and managing our personnel (collectively referred to as “the Business”). Ensuring information security and protecting our assets is both a foundational requirement for conducting business with public trust and a vital corporate responsibility. In recognition of the importance of information security, we have established this Information Security Policy (“Policy”) and implemented an Information Security Management System (ISMS) to continuously improve our information security practices. |
2.Definition of Information Security We define information security as maintaining the confidentiality, integrity, and availability of information assets (1) Confidentiality Protecting information assets from unauthorized access and ensuring information is not disclosed to individuals, entities, or processes without appropriate permissions (2) Integrity Safeguarding information assets from tampering or inaccuracies, ensuring information remains accurate and complete (3) Availability Protecting information assets from loss, damage, or interruptions so they are accessible when needed |
3. Scope of Application This Policy applies to all information assets managed by the Company, covering all forms, including electronic devices, digital data, and paper documents (1) Organization BuyChemJapan Corporation (2) Facilities Headquarters (3-8-7 Minamisemba, Chuo-ku, Osaka, Japan) (3) Business Development and management of a global marketplace for chemicals (4) Assets Documents, data, information systems, and networks associated with the above business operations |
4. Implementation Actions In alignment with this Policy and our ISMS, we undertake the following actions (1) Information Security Objectives: We establish information security objectives that align with this Policy and applicable requirements, considering the results of risk assessments and mitigation strategies. These objectives are communicated to all employees and are reviewed periodically to adapt to changes in our operating environment. (2) Handling of Information Assets: a) Access rights are granted only to those who need them for business purposes b) Management is conducted in accordance with legal, regulatory, and contractual requirements, as well as ISMS regulations c) Information assets are classified and managed according to their value, confidentiality, integrity, and availability d) Continuous monitoring is conducted to confirm proper management of information assets (3) Risk Assessment: a)We conduct risk assessments and implement appropriate risk responses and controls for key information assets identified through these assessments b) Root causes of incidents related to information security are analyzed, and recurrence prevention measures are put in place (4) Business Continuity Management: We implement measures to minimize business disruptions due to disasters or system failures, ensuring business continuit (5) Education and Training: We provide information security education and training to all employees (6) Adherence to Policies and Procedures: We comply with all policies and procedures under our ISMS (7) Legal, Regulatory, and Contractual Compliance: We adhere to all legal, regulatory, and contractual information security requirements (8) Continuous Improvement: We are committed to continuously improving our ISMS |
5.Responsibilities and Obligations The CEO is responsible for the ISMS, including this Policy. All employees within the scope of application must adhere to the policies and procedures set forth. Employees who violate these obligations are subject to disciplinary actions in accordance with company rules. Contractors are managed according to individually defined contractual agreements. |
6. Regular Review Our ISMS is reviewed periodically and as necessary to ensure it remains effective and well-managed |
Established: August 1, 2021
Last Revision: September 5, 2024
CEO: Shingo Oguchi