Top of Page
IIJ has established the "Basic Information Security Policy" as a code of conduct in how to appropriately handle information asset. All officers and employees, including contractors and temporary workers, are educated on information security when they join IIJ to deepen their understanding of basic policy and related rules.
IIJ has appointed a Chief Information Security Officer (CISO) and established the "Information Security Committee." With these in place, IIJ has recognized accurately the status of operations related to information security and implemented necessary measures in a timely manners. In order to check compliance by all officers and employees with the “Basic Information Security Policy" and related rules, IIJ has conducted internal audits once a year and outside audits (ISMS) once a year.
IIJ Group has received an approval for its Binding Corporate Rules (BCRs), IIJ Group's documented rules on personal data protections, which are subject to EU's personal data protection law called the General Data Protection Regulation (GDPR) (*2), from Germany's Data Protection Authority (DPA). With the BCR approval, IIJ Group has proven that its services have the same level of privacy protection as in Europe, which has allowed the legitimate distribution of EU personal data across borders within IIJ Group.
IIJ holds the Data Governance Council chaired by the executive vice president to strengthen data governance. The council has the role of receiving reports from departments in charge of internal control system and services related to data governance, conducting a multifaceted and comprehensive risk assessment of such systems and services, providing advice to each of these departments and making recommendations to the president.
End of the page.