Ship Data Center Co., Ltd. (hereinafter referred to as “we”) provides an environment in which vessel operational data and information relating to sea and weather conditions can be reasonably used as big data, and manages its data center that is provided to users in order to maximize utilization opportunities of big data throughout the entire maritime industry.
We are highly aware that ensuring strong information security is a societal responsibility when it comes to providing an environment in which big data can be used reasonably. We declare to implement our information security policy as established to solidify our trust among interested parties including users and society.
In order to provide high quality service to users, we will engage in the construction, maintenance, revision, and improvement of a strong information security management system that smoothly and promptly keeps up with the changes in user needs, the societal environment, economic conditions, information security demands and principles of information security activities in line with this policy.
- Scope of application
The scope of application is determined from information security demands and the demands of interested parties. The scope of application covers information of organizations involved in business activities, other assets involved, and all information assets related to information processing institutions and information services.
We strive to fulfill the purpose of our information security which takes into consideration information security demands and the outcome of risk assessment and response to risks based on the policy.
- Risk management
We define and carry out a systemized risk assessment approach in order to protect all information assets that we handle from security risks and manage them in a safe and reassured way. We establish assessment criteria of information assets in terms of confidentiality/completeness/availability, assess and analyze risks, and take appropriate measures against actual risks.
- Information security management system
The information security management supervisor is designated as the person-in-charge of information security, and the information security management system is established to facilitate information security.
We observe the requirements of all laws and regulations, including international conventions, related to information security and this business, the requirements specified in contracts with stakeholders, and self-management standards to ensure the maintenance and management of information security.
We implement the education and training required to improve knowledge and awareness to ensure information security.
- Continuous improvement
We periodically evaluate the status of information security management system implementation to ensure that this policy is observed and to promote continuous improvement.
1 April 2018