Basic Policy on the Information Security Management System (ISMS)
Springer Nature Japan K.K. ("the Company") provides publications and related services including the printed version in Japan of the weekly general-science journal Nature, and promotes activities associated with the publication activities of Nature in general, including reporting on science in Japan. In recent years, these activities have continued to expand and they currently encompass areas of Asia including South Korea and South East Asia.
At the same time, in today's society of advanced computerization in which systems are becoming decentralized and networked accompanying progress in information technology, the role that information assets play in all kinds of organizations is becoming increasingly important, and the protection and safe use of these assets have become critical, pressing challenges.
Therefore, for the Company to fulfill its social responsibilities and its public mission and to increase its corporate value, it is essential for it to protect the information assets in its possession from all threats and establish appropriate safety measures.
In light of these challenges and issues, the Company has introduced an information security management system (“ISMS”) aimed at establishing and implementing a basic framework that will provide appropriate protection from various internal and external threats and achieve safe use of information assets. Furthermore, by establishing this ISMS Basic Policy, we hereby declare our commitment to appropriately maintaining and operating the ISMS.
Objectives of ISMS
The ISMS will prevent information security incidents and ensure the confidentiality, availability and completeness of the information assets the Company has in its possession.
- We will comply with provisions of laws, regulations, statutes and agreements concerning information security.
- We will set up an ISMS framework that includes the appointment of ISMS officers and the establishment of an ISMS committee.
- We will establish and maintain the ISMS prescribed by the Company.
- We will establish levels of risk acceptance, identify levels of risk acceptability, and establish appropriate management objectives and management measures based on systematic risk assessments and risk management.
- We will conduct regular information security training for all employees to enhance awareness of the sound operation of the ISMS and information security.
- We will promote ongoing improvement through regular reviews of the basic policy and internal rules accompanying changes in society, technology, and laws and regulations, etc.
- Employees will comply with the ISMS Basic Policy and relevant rules. Employees who violate these will be subject to disciplinary measures under the Employment Rules and other rules and regulations.