Information Security Management System
Basic Policy on Information Security
At dip and its subsidiaries (“the dip Group”), personal information and various other information obtained from all stakeholders are recognized as being among the most important assets in business management. We have formulated a basic policy for information security with the aim of developing a system to continuously protect this information.
The dip Group complies with the basic policy for information security and has developed an information security management system (ISMS) as well as established various internal regulations and guidelines. We also work to enhance and raise awareness through efforts such as regular information security education and cyberattack training.
The dip Group is committed to the continuous maintenance and improvement of these information security management systems and to the realization of a healthy information society while preparing for changes in the environment and new threats that may emerge.
1. International Standards for Information Security Management System: Acquisition of ISO27001 and JIS Q 27001 Certification
On October 14, 2005, we acquired certification for the information security standard "BS7799" and the ISMS Certification Standard. Subsequently, on October 15, 2005, the ISMS Certification Standard was replaced by the international standard "ISO27001", and by the domestic standard JIS Q 27001 on May 20, 2006. We were assessed for transition to "ISO27001" (JIS Q 27001) during continuation and expansion audits conducted in October 2006, and these certifications were acquired on November 27, 2006.
Coverage of the Certification: Head office and Sapporo, Sendai, Shinjuku, Shimbashi, Kitasenju, Digilabor (DX division), Shibuya, Ikebukuro, Tachikawa, Machida, Kawasaki, Yokohama, Shonan, Funabashi, Chiba, Kashiwa, Tsukuba, Utsunomiya, Omiya, Kumagaya, Takasaki, Shizuoka, Nagoya, Toyohashi, Kanayama, Gifu, Osaka, Kyobashi, Namba, Kyoto, Kobe, Hiroshima, Fukuoka, Kokura.

Certification Standards | ISO27001 (JIS Q 27001) |
---|---|
Acquired Certification standards | ISO/IEC 27001:2013 (JIS Q 27001:2014) |
Certification Number | IS97518 |
Date of Registration | Date of initial certification registration: October 14, 2005 (BS7799, ISMS) |
Latest issue date | September 2, 2022 |
Examination and Registration Authority | BSI Group Japan Co. Ltd. |
Certifying Body | ISMS-AC (ISMS Accreditation Center), ANAB (ANSI National Accreditation Board) |

Services Covered by the Certification
Development and operation of Internet-based job sites, provision of job information, planning and sales of fee-based job placement business and DX services.
2. Comprehensive information security education
We conduct information security and privacy protection training and drills appropriate to the scope of work and position for our employees (permanent, contract and part-time), including temporary staff and outsourced workers.
Entry level training
We conduct ISMS/PMS training for all employees (permanent, contract and part-time) including temporary staff and outsourced workers, to allow them to acquire the knowledge and understanding of measures related to information security and privacy protection, as well as our internal information security rules.
Training for new graduates
New graduates, several hundred of whom are hired each year, acquire basic knowledge and understanding of measures related to information security and privacy protection, as well as our internal information security rules, within the new graduate induction training program.
Training for New Management
When employees are appointed to a managerial position, we provide training so that they acquire the information security and privacy protection knowledge necessary for organizational management.
Compliance Training
Compliance tests are conducted once a quarter for all employees. These tests aim to raise compliance awareness by covering issues related to overall compliance, knowledge of information security, our regulations, policies, reporting systems, etc. In addition, items related to anti-bribery, human rights, and other important issues are incorporated as appropriate.
3. Membership in the Japan CSIRT Council
In order to respond to increasingly sophisticated and frequent cybersecurity risks and to promote incident prevention, early detection, countermeasures, and security measures strategically and across the organization as it grows, we established dip-CSIRT* and have been a member of the Japan CSIRT Council since April 2023. Through the activities of this council, we share security incident information and vulnerability information with other member companies and strive to improve the level of security.
* CSIRT (Computer Security Incident Response Team): A dedicated team for dealing with computer security incidents.
4. Response to information security incidents
In the event of an information security incident, we promptly report it in accordance with the “Business Crisis Management Regulations” and have established a task force headed by the CEO to expeditiously and appropriately respond and prevent recurrence.