Basic Concept toward Security System
Because customers entrust us with their important information assets in the course of our business, a thorough security environment is a prerequisite for that business. The following introduces the security-related initiatives that SHIFT has continuously developed so that customers can request SHIFT's services with peace of mind. SHIFT considers security not only a technical measure, but also something that has been incorporated into the “awareness” of each individual. We also take thorough measures to prevent accidents caused by human error.
Internal system to promote security
SHIFT established the Information Security Committee, which is headed by the President and CEO, Masaru Tange, and composed of representatives from each department/division, and is engaged in various activities aimed at improving information security.
SHIFT has acquired ISMS (ISO/IEC 27001:2013) certification. Based on ISMS standards, SHIFT has established rules and regulations regarding matters deemed necessary for maintaining security from the perspectives of human, physical, organizational and technical measures. In addition to what the standards require, matters that SHIFT has determined to be necessary are also incorporated into our rules.
Initiatives Regarding Security System
The following are examples of distinctive rules and regulations based on the nature of SHIFT’s business.
At each site, SHIFT prohibits entry by outsiders and restricts entrance using biometric authentication. By switching from physical security card certification to biometric authentication, SHIFT is reducing the possibility of information leaks due to the loss of security cards and other factors, and is also making use of this information to foster employee awareness of security.
Restrictions on Bringing Personal Property into the Office and on Portable Media
In order to prevent information leaks by those who are allowed to enter the office, SHIFT prohibits employees not only from using memory devices such as flash drives, but also from bringing their private-use mobile phones and smartphones into the office area. In addition, all PCs that employees use for their operations belong to SHIFT, and we control and manage them so that the settings on each laptop prohibit the use of memory devices. If employees find it necessary to use memory devices for their business operations, we allow their use only for limited purposes after the internal application process is approved.
Efforts to Prevent Incorrect Email Sending
Because many information leaks in general are caused by human error, such as e-mailing errors, we have introduced a check tool that requires all employees to review and reconfirm the e-mail address, the subject and the body each time they try to send an e-mail to outsiders, in order to prevent erroneous sending.
In addition to introducing the check tool, we have established a security environment in which only specified employees can send e-mails only to registered persons depending on the contract type and assigned tasks.
Education on Security
SHIFT considers “fostering and continuing security awareness” to be one of the most important things in maintaining security. From this perspective, we provide security training (e-learning) at the time of joining the company and on a monthly basis to all employees regardless of the type of contract. Training content is reviewed continuously and improved to reflect changes in the business environment and other factors. After the training is completed, we conduct a test to confirm employees' understanding and thoroughly manage it until the correct response rate for all eligible persons is 100%.
We also thoroughly manage the e-learning provided to all employees on a monthly basis to ensure that they take the courses. Since 2018, when we started to conduct monthly e-learning, we have maintained a 100% attendance rate.
Checking and audit
Internal audits based on ISMS certification standards are conducted to confirm the status of compliance with security measures in individual divisions as appropriate.
Review by the management
The president and CEO regularly reviews the status of information-security measures at SHIFT. Based on changes in the environment related to information security and the results of internal audits, we conduct continuous improvement activities.
SHIFT has been evaluated by an external auditing organization for these initiatives, and has held ISMS certification since October 2012.
SHIFT discusses various risks, including security risks, in various meetings such as the compliance committee.