Information Security Policy
- *Please note that this document is an unofficial translation and was prepared for reference purpose only. The original release is in Japanese.
SoftBank Corp. (hereafter called “SB”) has developed “Information Security Policy” in order to always get the trust of society including our customers by taking drastic and high-level measures against the risk of information leakage.
Application of Information Security Policy
- Buildup of information security management structure
Build up a highly secured information security management structure to gain the society's confidence at any time through making every possible effort to protect all information assets held by SB as well as complying with the information security-related statutes and other rules.
- Assignment of “Chief Information Security Officer”
Set up Information Security Committee as well as assign “Chief Information Security Officer (CISO)”, which enables SB to take proactive actions to have accurate visibility of the company-wide information security status and to promptly take necessary measures.
- Development of information security-related company rules
Develop company rules based on Information Security Policy to demonstrate the clear policy for not only the personal information but also information assets in general as well as internally and externally keep everyone informed about SB's tough stance against the information leaks.
- Development/enhancement of audit structure
Further develop the structure which enables SB to carry out internal audits of compliance with Information Security Policy, the company rules and other relevant rules. In addition, SB makes every possible effort to continue external audits to obtain more objective evaluation. SB will prove that all of its employees, etc. comply with Information Security Policy.
- Implementation of system with full information security measures
Implement a fully protected system against unauthorized access to, leaks, modification, loss, destruction or hindered use, of the information assets. As preventive measures, SB gets involved in this issue with the view to completely manage access to data or systems such as working in a highly secure area, preventing unauthorized users from accessing data base or granting access based on the “principle of need to know*”.
- Enhancement of information security literacy
Ensure that the employees, etc. are given security education/training and that all people engaged in SB's information assets perform activities with the information security literacy.
In addition, SB will continue providing its employees with education/training to cope with ever-changing circumstances.
- Strengthened management structure of outsourcing agents
Request outsourcing agents to keep a security level which is the same or more than that of SB by fully examining eligibility of the outsourcing agents when outsourcing operations. In addition, SB intends to continuously review the outsourcing agents to reinforce contracts' terms with intent to confirm without interruption that the security level is adequately maintained.
- *Principle of need to know: Principle “only tell the people that need to know the information, not telling them to people who do not need to know”.
Coverage of Information Security Policy
“Information assets” covered by this policy are information obtained or known in the ordinary course of SB's business and all the information held by SB for its business. All of SB's “Directors, employees and temporary staffers” who are engaged in handling and controlling these information assets as well as “outsourcing agents and their employees” who deal with SB's information assets must comply with Information Security Policy.
- This Information Security Policy shall be enforced from Dec 25, 2006.
- Revised on April 1, 2013
- Revised on April 1, 2015
- Revised on July 1, 2015
- Revised on April 1, 2022