TOP > Information Security Policy

Information Security Policy

Revised: September 25, 2025

OrganTech Co., Ltd. recognizes that maintaining a high level of information security is essential to sound business management.

All executives and employees shall comply with this policy and strive to handle, manage, protect, and maintain information appropriately.

1. Information Security Management System

  • The Company shall designate a person responsible for information security and clearly define their roles and responsibilities.
  • Security-related rules and procedures shall be established and communicated to all employees.
  • Regular risk assessments shall be conducted, and appropriate measures shall be taken as needed.

2. Management of Information Assets

  • All information assets handled within the Company (documents, data, systems, etc.) shall be identified and classified according to confidentiality and importance.
  • The confidentiality, integrity, and availability of information shall be ensured.
  • Rules for storage, disposal, and backup of information shall be established and implemented.

3. Compliance with Laws, Regulations, and Contracts

  • The Company shall comply with all relevant laws, industry guidelines, and contractual obligations.
  • Particular attention shall be paid to the protection of personal information and privacy regulations, and necessary measures shall be taken.

4. Education and Awareness

  • All employees shall receive education on basic information security principles and internal regulations.
  • Training shall be provided to new hires and transferred employees.
  • Regular and refresher training shall be conducted to maintain and enhance awareness.

5. Incident Response

  • The Company shall strive to prevent security incidents such as data leaks, system failures, and unauthorized access.
  • In the event of an incident, prompt reporting, cause investigation, and implementation of preventive measures shall be carried out.
  • Necessary notifications and actions, including those required by laws and regulations, shall be taken.

6. Audits and Evaluation

  • Regular internal audits shall be conducted to verify the appropriateness of the Company's information security systems and operations.
  • Based on the audit results, areas for improvement shall be identified and corrective measures shall be implemented.

7. Continuous Improvement

  • The Company shall regularly review this policy and related rules in light of technological advances, business environment changes, and emerging threats.
  • Improvement measures shall be systematically implemented to maintain and enhance the overall level of information security.

OrganTech,Inc.

Yoshio Shimo,CEO