Information Security Policy

Basic Principle

WHITEESSENCE Co., Ltd (hereinafter “the Company”) operates on the basis of its philosophy, being a smile-creating industry. Information about customers and other information assets that the Company handles in its business operations comprise a very important foundation of the Company’s management of its business. The people handling information assets, including officers and employees who understand the importance of protecting our information assets from leakage, damage, loss etc., obey this policy and implement activities for maintaining the security of information assets in terms of confidentiality, integrity and availability.

Basic Policy

  • To protect our information assets, we formulate and follow our information security policy and related regulations. At the same time, we will obey laws and regulations relating to information security and other standards and agreements with customers.
  • We clarify the criteria for analyzing and assessing risks related to the leakage, damage, loss, etc. of information which are an inherent part of our information assets, and establish methods for systematic risk assessments. We assess risks on a regular basis. Based on the result of these assessments, we take the security measures that are necessary and appropriate.
  • An information security system will be established under the leadership of an officer in charge. We also clarify authority and responsibilities concerning information security. Education, training and awareness raising programs are regularly held so that all employees understand the importance of information security and ensure the proper handling of information assets.
  • The observance of the information security policy and the handling of information assets are regularly inspected and audited. Detection of flaw or the need for improvement will be promptly followed by corrective action.
  • Appropriate actions will be taken when an event or incident occurs that threatens the security of our information. We have established procedures for the handling of these events or incidents if they occur to minimize damage. If an emergency occurs, it will be promptly handled and the appropriate actions will be taken. A framework for the management of incidents that could disrupt our business operations will be established and regularly reviewed to ensure the continuity of the Company's business.
  • We have established and implement a system for the management of information security which sets goals for the achievement of our basic philosophy. The system will be continuously reviewed and improved.