Standards of Business Conduct, Values, and Global Information Security Policy
Corporate Standard of Business Conduct
This Corporate Standard of Business Conduct (this “Standard”) declares the company’s compliance with legal requirements and states general standard of business conduct. It summarizes the high-level principles and business practices that express the company’s commitment to the public at large. This Standard applies to the company and its subsidiaries and affiliates. This Standard is not intended to cover every situation directors, officers or employees of the company may face, nor does it replace other more detailed policies adopted by the company and its subsidiaries and affiliates.
ACCESS is a global company, and its business operations are subject to the laws of different countries. Cultural differences or local laws and customs may require a different interpretation of this Standard. If this situation arises, the Legal Division of ACCESS Co., Ltd. or the legal department of its subsidiaries and affiliates are to be consulted before any action is taken.
The company is committed to continually reviewing and updating its policies and procedures. This Standard, therefore, is subject to modification. This Standard supersedes all other such codes, policies, procedures, instructions, practices, rules or written or verbal representation to the extent that they are inconsistent.
This Standard is not intended to and does not create an employment contract, and does not create any contractual rights between ACCESS and its officers or employees or create any express or implied promise for specific treatment in specific situations. Each officer’s or employee’s employment relationship with ACCESS can be terminated at any time for any reason with or without cause unless the applicable laws or a written contract signed by a representative of ACCESS authorized to enter into such an employment agreement provide otherwise.
1. Honest Business Operations
ACCESS will comply with all applicable laws and regulations, and carry out its business operations with integrity and honesty, in accordance with common sense and prudent business practices. Ethical business conduct is critical to our business.
2. Customer Satisfaction
ACCESS will always strive to lead the industry and provide high quality products and services that would give customers and users positive surprise, excitement and a good impression.
3. Respect of Intellectual Property Rights
ACCESS will protect the works and achievements created by research and development activities, through intellectual property rights, and will utilize those works and rights actively. ACCESS will also use reasonable efforts not to infringe upon intellectual property rights of others.
4. Management of Personal Information and Customer Information
ACCESS will receive personal information and customer information only to the extent necessary to carry out business operations, and will use them for the purposes contemplated, and in accordance with applicable laws, paying sufficient attention to protection of privacy. Also, ACCESS will use reasonable efforts to manage properly the personal information and customer information so stored and to avoid unauthorized release or misappropriation of such information.
ACCESS will disclose necessary and sufficient information in accordance with applicable laws and regulations, in order to make sure that ACCESS’ financial conditions and results of operations will be appropriately assessed and understood.
6. Global Businesses
ACCESS will carry out global businesses in a manner that respects local customs and cultures, and will use reasonable efforts to contribute to the social and economic development of each community.
7. Confrontation with Anti-social Powers
As a good corporate citizen, ACCESS will, firmly without any compromise, confront with anti-social, violent powers and groups (e.g., gangsters; yakuza) that are willing to threaten social orders and safety of communities.
8. Discovery of Issues and Prompt Measures
ACCESS will establish appropriate internal systems and structures for corporate governance, in order to grasp internal issues in a timely manner and to promptly take precautionary actions against them. Should there be any problem during the ordinary course of business, ACCESS will cope with such problems, properly and promptly, and initiate any necessary corrective measures with all due speed.
9. Social Contribution
ACCESS will commit itself to active contributions to societies/communities, and will support the employees’ voluntary participation to social activities.
10. Opportunities to Enhance Individual Capabilities
ACCESS will provide opportunities to the employees that want to work hard or to enhance or expand their own capabilities, while respecting diversity, individual character, and the personality of each employee.
11. Arrangement of Better Work Environment
ACCESS will create and maintain comfortable work environments, paying attention to workplace safety as well as focusing on comfort, orderly arrangements and cleanliness.
12. Protection of Environment
In view of international environment standards, ACCESS will use reasonable efforts to accomplish resource-saving, energy-saving, recycling and environmental preservation.
ACCESS Global Information Security Policy
ACCESS Co., Ltd. and its affiliates (collectively, the “ACCESS Group”) aim to become an innovative leader in providing software, solutions and services to customers to enable beneficial changes in society through the use of ACCESS technologies. For the purpose of achieving these goals, the ACCESS Group possesses valuable information assets of its own and of its customers. In order to achieve more effective operations and higher customer satisfaction, the ACCESS Group must safeguard such information from improper disclosure or misuse. This Policy is to further such goals.
The ACCESS Group handles software source code and technical information derived from research and development activities; business and technical information received from customers; personal information about employees and end-users for certain services; and other valuable and confidential information. Under various laws and contractual agreements, ACCESS must takes steps to prevent any improper release or dissemination of such information. The purpose of this Policy is to institute high-level policy and procedures to accomplish the protection of such information.
Therefore, the ACCESS Group hereby declares that information security is an important strategy in achieving its goals and enacts its fundamental information security policy, as described below, and will continue to work towards secure and proper possession, utilization and administration of information assets.
The ACCESS Group is committed to continually reviewing and updating its policies and procedures. This Policy, therefore, is subject to modification. This Policy supersedes all other ACCESS Group codes, policies, procedures, instructions, practices, rules or written or verbal representation to the extent that they are inconsistent.
1. Information Security Organization
The ACCESS Group will establish an Information Security Committee with the Chief Information Officer as its head. The Information Security Committee will study, plan and implement measures for information security. The Information Security Committee will be responsible for setting internal standards, rules and procedures.
The information that is subject to this Policy includes, without limitation, all information, data, materials, and software programs, whether in writing, electronic or other format that are owned by the ACCESS Group, or under the control of the ACCESS Group and belonging to any employee, agent, customers, or business partner of the ACCESS Group. All ACCESS Group employees, whether full or part-time, contractors, officers, directors or any other agent or representative who has access to or is making use of any confidential information on behalf of the ACCESS Group, is subject to this Policy.
3. Administration and Safeguarding of Information Assets
The Information Security Committee will determine a mechanism for the classification of all information assets in the possession or under the control of the ACCESS Group. For each classification level, the Information Security Committee will set out guidelines for control measures for handling confidential and proprietary information. The classification will take into account levels of importance and risk. The Information Security Committee will apply, as necessary, regional changes to this Policy, or any procedures or measures arising from this Policy, to account for local laws, customs and practices.
4. Education and Training
The ACCESS Group will continually provide all of its employees with education and training relating to information security. The ACCESS Group will promote an internal corporate culture that values protection of proprietary and confidential information and the respect for the confidential and proprietary information of customers, employees and business partners.
5. Observance of Laws and Regulations
In each geographic region in which the ACCESS Group operates, there are laws, regulations, orders, and other rules imposed by governmental or regulatory bodies with regard to the handling of information (collectively, “Laws”). The ACCESS Group is committed to complying with the Laws in countries in which it operates and the Information Security Committee will take steps to identify relevant Laws for each region and modify this Policy or any procedures or rules for that region to ensure compliance.
6. Information Security Incidents
The Information Security Committee will establish a general response plan in the event of a breach of security. Should an information security incident occur, the ACCESS Group will promptly respond to the incident to prevent the increase of damage. Subsequently, the Information Security Committee will review and evaluate the incident and propose any necessary policy or procedural changes to avoid a repeat of the incident.
7. Penalties and Enforcement
Non-compliance with or a breach of any of the provisions of this Policies or any of the procedures implemented to ensure compliance with the goals of this Policy may result in action by the ACCESS Group up to and including termination of any employee, whether full or part-time, contractors, officers, directors or any other agent, and as determined by officers or directors of the ACCESS Group, may include legal action for any damages arising from the gross negligence or willful misconduct of any employee, contractor, officer, director or any other agent.