Japan Bank for International Cooperation (hereinafter "JBIC") adopts the following fundamental policy concerning the use and management of information assets and will properly handle, manage, protect, and maintain information assets to achieve information security that meets the highest standards so as to support its proper and efficient operations.
JBIC shall use and manage information assets in line with the basic principles set forth hereunder while complying with all applicable laws, regulations, and rules.
- A. Information assets shall be used appropriately and only for their intended purposes.
- B. Authority concerning the management of information assets shall be granted only after careful consideration of the nature of the work and necessity.
- C. When adopting and implementing information security measures, the following matters shall be taken into consideration, based on the nature of the work:
- (a) Clarification of responsibilities and roles within implementation structures
- (b) Timely and prompt implementation of necessary, sufficient, effective, and efficient measures
Proper Management of Information Assets
Information assets refer to information and information systems. JBIC classifies them according to such factors as their degree of confidentiality, completeness, usability, and importance, and manages them appropriately in accordance with their classification.
Information Asset Management Structures
JBIC shall establish a structure for ensuring the security of information assets.
Protection of Personal Information
Protection of Client Information
JBIC shall establish the basic policy for protecting its clients and increasing their convenience for the purpose of appropriate protection and management of information pertaining to them in accordance with this basic policy.
Training on Information Asset Management
JBIC shall provide necessary training to all officers and employees who handle information assets to ensure that they understand requirements in the applicable laws and regulations, as well as in this policy and other applicable rules, and prevent the occurrence of information security problems.
In the event that JBIC engages persons other than its officers and employees to manage its information assets by outsourcing such work, it shall verify that information security is ensured and that appropriate measures have been taken in accordance with the content of the information assets.
Responses to Incidents Concerning Information Assets
In the event of improper disclosure of personal or client information or other incidents causing a problem on information security, JBIC shall promptly take appropriate measures.
Evaluation and Review
JBIC shall evaluate and review this policy, as necessary, to make flexible responses to changes in the external environment, such as the enactment, amendment, or repeal of applicable laws and regulations, as well as innovations in information security technology, and to changes in the internal environment, including organizational and operational changes and updates to JBIC's information systems.