Information Security Management System (ISMS) Policy

Nature Japan K.K. publishes the Japanese edition of the weekly journal of science, Nature, as well as information on science in Japan and other Nature-branded publications. In recent years Nature Japan has been expanding its operations throughout Asia to encompass China, Korea, Taiwan and Singapore.

We operate in an advanced information society where IT developments are making systems more decentralized and networked than ever before. It’s against this backdrop that information assets are playing an increasingly vital role across every organization. Protection and secure use of information assets are now urgent priorities for any organization.

It is imperative that we protect our information assets from every threat and take appropriate security measures that will enable us to fulfill our corporate social responsibilities and public mission as well as enhance our corporate value.

Working with an eye to ensuring the secure use of all our information assets, we have developed a basic framework that has enabled us to establish an information security management system (ISMS) designed to adequately protect our information assets from all threats, both internal and external. I am committed to seeing this Basic ISMS Policy appropriately managed and strictly adhered to in all aspects of our operations.

Objectives of ISMS

Prevent any information security incident from occurring and ensure the confidentiality, availability and integrity of our information assets.

1. Comply with all relevant information security laws, regulations and agreements.
2. Develop an ISMS organization with an appointed ISMS officer and other personnel as well as an ISMS Committee.
3. Establish and maintain an ISMS manual in compliance with ISO/IEC 27001.
4. Develop criteria for accepting risks, specify acceptable levels of risk, and set appropriate risk management goals and strategies based on systematic risk assessment and management.
5. Provide all employees with regular information security training to ensure that the ISMS objectives are met and increase their information security awareness.
6. Revise basic policies and internal rules on a regular basis in line with changes in society, technology, laws, etc. with an eye to making continuous improvements.
7. Employees must comply with the Basic ISMS Policy, ISMS Manual, and other related rules and regulations. An employee who violates any of these regulations shall be penalized in accordance with the employee rules and regulations.

April 1, 2012
Nature Japan K.K.
Antoine Bocquet, CEO