Security Policy

Basic Policy of The Company Regarding Information Security

Basic Concept

Headwaters Co., Ltd. (hereunder referred to as "the company") will contribute to society via such businesses as (1) system design, development, and operation, (2) consulting, (3) system integration, (4) outsourcing of system development, (5) network construction and management, (6) Internet solutions, (7) IT education services, etc.

The company is aware of the social responsibility of strictly protecting the information assets of the customer and information assets relating to employees (including not only employees in employment relationships, but directors, auditors, dispatched staff, etc.) that are handled in the course of the above businesses.
In addition, it will obey laws relating to information security, guidelines determined by the country, and other standards, determine that management of information security is an important corporate activity, and will work toward the protection of information assets by having employees obey the following basic information security policy.


1. Definition of Information Security

Information security is defined as maintaining the confidentiality, completeness, and availability of information.

2. Purpose of Information Security

The purpose of information security is to reduce all risks to below a prescribed acceptable risk level.

3. Applicable Laws

The company will, as well as constantly maintaining the newest status, obey laws relating to information security, guidelines determined by the country, and other standards.

4. Information Security Education, Training, and Awareness Improvement

Education and training relating to information security will be implemented periodically for all employees.

5. Continuous Management

A continuous business plan will be drafted, maintained, and reviewed far as is executable.

6. Penalties

If activities that compromise the protection of information assets within the applicable limits of the information security management system are conducted, these will be treated severely, made public, and dealt with thoroughly both inside and outside the company.

7. Information Security Incidents

The company will respond rapidly in cases where a security case or accident occurs, or when there are indications thereof, including reporting information security incidents.

Date of enactment: April 1st, 2009
Last Revision: July 1st, 2009
Headwaters Co., Ltd.
Representative director: Yosuke Shinoda