Aztec's information security system
2020.03.24 | search column
1. Introduction
The previous column (*) introduced the advantages and disadvantages that should be weighed when considering outsourcing internal operations.
(*) "Advantages and Disadvantages of Patent Search Outsourcing (XNUMX)"
(*) "Advantages and Disadvantages of Patent Search Outsourcing (XNUMX)"
When evaluating a contractor, what matters is not only the advantages but also how to reduce the disadvantages. Yet even when information is collected from outside, it is difficult to grasp a contractor's situation in detail. Therefore, this time I would like to introduce Aztec's information security measures and management mechanism in relation to the "weakening of governance" introduced in the above column.
2. Specific security measures
According to the Information-technology Promotion Agency (IPA), the number of information security incidents reported in FY2018 decreased compared to FY2017, while the rate of "information leakage / loss" increased by 15%. In addition, the most common cause of information leakage incidents was "wrong operation" at 25.1%, followed by "lost / misplaced" at 21.8%, "management error" at 13.0%, and "setting error" at 4.7%. A large share of these incidents is human error.
Countermeasures against this human error are considered one of the cornerstones of information security. With that in mind, let me introduce some of the specific security measures within Aztec.
① Monitoring and access restrictions
We prevent the entry of third parties such as people outside the company, prevent access to data by employees who are not involved in the work, and reduce the risk of information leakage.
- 24-hour monitoring of people entering and leaving the room with a camera
- Building security system + original auto-lock mechanism
- No outsiders can enter the analysis room (meetings with the outside are on a separate floor)
- Access control to internal server
② Handling of data
Even searchers who carry out the work are prevented from taking out, viewing, or duplicating data unnecessarily, reducing the risk of information leakage.
- Restrictions on taking out information outside the company and restrictions on viewing outside the company
- Prohibit connection of USB memory or personal terminal to in-house system
- Prohibition of shooting and recording in the in-house work area
③ Use of software services
In addition to building a direct barrier against the occurrence of an accident, we are working to reduce the labor involved in the countermeasures themselves.
- E-mail mis-sending prevention software
- Secure telework system
- Whitelist software usage
- Log collection software
These security measures trade off safety and convenience. In fact, some people say that the above measures are troublesome and time-consuming. Is it worth the effort and cost? That is always a question. Nevertheless, we take these steps because we are convinced that confidentiality is one of the most important elements of the trust we provide to our customers. Even if the detailed rules and the time and effort increase, we believe that this attitude leads to safety and security, and we work on it thoroughly.
3. ISMS certification
No matter how specific the measures are, their effect is diminished unless a system is in place to implement them correctly. Aztec has acquired certification under "ISO / IEC 27001", the international standard for ISMS (Information Security Management System). We formulate preventive measures against information security risks, implement and audit plans based on them, and formulate further measures. By regularly rotating through this series of cycles, we have a system for continuous improvement.
When operating ISMS, the following three actions are effective in improving internal security.
① Effective security goal setting
We set security goals for each department each year. In the past, we had set company-wide goals, but by breaking them down from company-wide into departmental goals, we are now able to respond appropriately to the issues specific to each site, such as accidents that occurred in the past and possible risks. Instead of having goals handed down through the command hierarchy, members belonging to the department recognize the issues themselves and think about the goals for solving them, which is more effective and raises awareness.
② Implementation of in-house education
We provide security education to all employees. In addition to e-learning, we regularly update our security knowledge by explaining trends in risks and accidents and past cases that actually occurred. In addition, security personnel collect information on vulnerabilities and alerts every day, promptly disseminate information on highly urgent threats, and consider countermeasures to prevent the occurrence and spread of damage.
③ Implementation of internal audit
We conduct company-wide audits. At Aztec, auditors are not fixed but are rotated among employees. By having each person experience the role of auditor, they relearn the rules and gain a deeper understanding of their significance, so we aim to establish and thoroughly enforce security rules as they change.
There was a clear change in consciousness in the process of maintaining ISMS. Having employees recognize security issues and set goals, and having them recognize the role and significance of the system as auditors, led to the fostering of a higher level of security awareness. Furthermore, by receiving specialized advice from outside, including certification bodies, we have raised our knowledge level and have become able to take more appropriate measures. Before the certification, the organization already had a policy of emphasizing information security, but after ISMS certification and its operation, we feel that we are now able to meet security requirements with confidence.
4. In conclusion
The purpose of the Information Security Basic Policy established by Aztec is stated as follows.
"As a position related to the intellectual property of our customers, we respond to the high demands of our customers for information security, and recognize information security as an important management issue in order to gain the trust appropriate for those skilled in the art. I will work on it. "
Aztec Co., Ltd. Information Security Basic Policy
Security measures are now said to be a social responsibility, and we take great care on a daily basis to securely manage confidential customer information. However, it is not enough just to take strict measures, and being certified does not by itself make everything fine. As a company that handles confidential information, we will continue to make continuous improvements so that we can provide service quality that includes a secure environment.
General Affairs Management Department Ogura
<Reference>
・ Information Security White Paper 2019 (IPA)
https://www.ipa.go.jp/files/000079041.pdf
・ What is ISMS (Information Security Management System)?
https://isms.jp/isms/
・ Aztec Co., Ltd. Information Security Basic Policy
https://aztec.co.jp/security.html