Security Policy
M&L Inc. shall define herewith the fundamental of our information security policy to ensure secure handling of the information and confidential data obtained from business activities with our customer as well as to appropriately protect such data privacy. We are always to be a trusted organization for our customer by keeping our security practices implementing based on this security policy.
What follows is the fundamental of our information security policy:
Scope
This security policy shall be applied to any information asset involved as well as all persons (including M&L directors, employees and contacted staff) using such information.
Information Security Framework
We establish a strict information security framework with assigning a responsible person for internal information security control.
Information Security Practices
To assure information availability, integrity and confidentiality, we implement appropriate information security practices from physical, personnel and technical security perspectives.
Information Security Deployment
We set internal security rules and impose their strict compliance on all information users.
Personal Information Handling
Today's advanced information society requires social responsibility for personal information handling. To meet this critical requirement, we define a separate privacy policy for personal information handling and protect personal information security.
Information Security Training
To keep and improve the level of our information security, we provide adequate training and required information delivery time to time for higher understanding of relevant legal regulations.
Information Availability
As to the information created from our business operations, we impose regular data backup by individual, project or organization on each of information users at the predefined frequency for assured information availability.
Action Plan for Security Incident
We conduct scheduled backup of system configuration information and operation data so as to enable system restore to the state before any security incident. We assign a security manager to conduct scheduled system and network inspection and validation and do best efforts for earliest detection of network attacks. We distribute or inform system vulnerabilities by collecting such information as quickly as possible to minimize security risks in any case. If any incident occurs, we clean up the system and restore the system as quickly as possible by using the latest system backup.
