CSR

Information Security Policy

Established: August 18, 2017

Marubeni-Itochu Steel Inc. (MISI) recognizes the importance of maintaining a high level of information security and protecting information assets from threats such as destruction, alteration and inadvertent disclosure to ensure the continuity and stability of business operations.

We have therefore established the following information security policy. All of our executives and other employees will strive to implement appropriate information asset protection and security measures in accordance with this policy, as well as with all relevant laws and ordinances, company regulations and other social norms.

1.Information Security Policy Scope

The scope of this information security policy shall cover all information assets MISI possesses, as well as all information assets that customers, suppliers, and all other business partners have entrusted to MISI. It shall also cover all MISI executives, employees and individuals involved in MISI operations.

2.Information Security Management System

MISI will construct an information security management system, implement policies related to information security, and periodically revise said policies as necessary.

3.Policies

(1)  Establishment of Information Security Regulations

MISI will establish regulations, bylaws, standards, etc. based on this information security policy, inform all executives and other employees of them, and ensure their comprehensive enforcement.

(2)  Information Asset Management

MISI will appropriately manage the confidentiality, integrity and availability of the information assets it possesses; strive to prevent threats such as destruction, alteration and inadvertent disclosure; conduct periodic examinations; and confirm that all information assets are being managed appropriately.

(3)  Information Security Education

MISI will periodically educate all of its executives and other employees about information security, and implement awareness campaigns to establish and reinforce information security.

(4)  Prevention of and Response to Information Security Accidents/Incidents

MISI will take all appropriate measures to prevent information security incidents and accidents before they occur. If an incident or accident occurs, MISI will immediately ascertain the cause, minimize the damage, and take appropriate countermeasures—including those designed to prevent a recurrence—in a timely manner.

4.Legal and Regulatory Compliance

MISI will comply with all laws, ordinances, regulations and other social norms related to information security.

Marubeni-Itochu Steel Inc.
Tomohito Kaneda
President and CEO