Information Security Policy
Established April 01, 2005
Revised January 01, 2019
In offering comprehensive services centered around payment processing, SB Payment Service Corp. takes sufficient security measures to allow customers to use them with peace of mind in addition to complying with the basic policy below and further striving to continuously improve and ensure information security in order to gain society’s trust.
1. Establishment of an Information Security Management System
We strive to protect all information held by the Company and will build a management system that earns society’s trust by complying with the laws, regulations, and other norms related to information security.
An Information Security Committee will be established at the core of the management system, which will strive to accurately grasp the implementation status of information security management measures company-wide.
In addition, the Information Security Committee’s own activities will be under constant review, with aggressive activities undertaken to ensure the best possible management system.
2. Establishment of Information Security Regulations
We establish regulations pertaining to information security regarding the management and operation of information assets. In addition to incorporating legal, regulatory, and other requirements for business continuity, we sincerely acknowledge the obligations and other demands for information security based on our contracts with customers and strive to reflect these in our regulations.
Based on these Information Security Regulations, we ensure thorough awareness of our strict stance against information leaks both internally and externally.
3. Establishment and Enhancement of the Audit System
We establish a system that enables us to conduct internal audits of compliance with our Information Security Policy as well as other rules and regulations.
Audits are also conducted by professional external organizations in order to obtain more technical and objective evaluations.
By conducting these audits systematically, we ensure that all employees comply with our Information Security Policy.
4. Development of Information Systems in Full Consideration of Risk Management
We build and operate information systems that enable the earliest possible detection of and countermeasures against intrusion, leaks, falsification, loss, destruction, and obstruction of information assets, be it intentional or accidental. These systems are based upon a configuration that emphasizes business continuity, and achieve security configurations and control of access for data-centered information systems and operations, including safe operation in high-security areas and database protection.
5. Improvement of Information Security Literacy
We implement regular information security programs for executives and employees (including temporary employees and subcontractors), providing continuing education and training so that all employees are able to carry out their daily work with a greater degree of information security literacy.
6. Strengthened Contractor Management Systems
When concluding a business consignment contract, we thoroughly vet the eligibility of the consignee and strive to ensure information security. In addition, we regularly confirm whether the level of information security is being maintained after the contract is concluded.