
DQ Group's Information-Security Measures

We've established a system for managing our information security and continually maintain and update that system in accordance with our information-security policy.

In addition, we've acquired the ISO27001 [ISMS] certification for information-security management systems related to the corporate consulting services we provide.

*ISMS (Information Security Management System) is a framework for improving the level of information security within an organization. In addition to technical measures for preventing individual problems, it outlines steps for organizational management such as using personal risk assessments to determine the necessary security level, creating a plan, allocating resources, and operating systems.

ISMS Activities

WHY
To appropriately manage risks as a company or organization by maintaining the confidentiality, integrity, and availability of data and properly applying the risk-management process
  • Resolving internal and external issues
  • Meeting the needs and expectations of stakeholders
  • Interfaces and dependencies between applicable scopes, boundaries and organizational activities
WHAT
  • Management of information resources
  • Plans for dealing with risks
  • Risk analysis
  • Risk-assessment reports
  • Continuity plans for ISMS
HOW
  • Measures for organizational safety
  • Measures for personnel safety
  • Measures for technical safety
  • Measures for physical safety

Security measures implemented for our DQ Helpline service

Seven ways we ensure the anonymity of information received over the Internet

  1. Each company uses a shared ID and password
  2. Usage of one-time passwords
  3. Each report is issued a number (identifying numbers for whistleblowing)
  4. Communication is encrypted through SSL/TLS
  5. Two-factor authentication
  6. Communication data has a set period of retention
  7. Security of the data center is maintained through 24-hour human monitoring and strict access protocols

Four security measures for telephone hotlines

  1. Hotline operators are required to sign an oath related to the proper execution of their duties and the handling of sensitive information (including personal data)
  2. Hotline operators are thoroughly trained (before being assigned and periodically after)
  3. Management regulations and manuals are established and followed
  4. Full-time managers are permanently assigned to the dedicated hotline offices

Information-Security Policy

D-Quest Holdings Inc., D-Quest Inc., and InterMark Inc. (collectively, the “Group”) recognize that ensuring information security is an important management challenge for our business and the quality of the services we offer. We believe that implementing proper safety measures and protecting the information we receive from customers, the data we collect through our business operations, and the information resources handled by the Group is essential.
Therefore, the Group has created and operates an information-security management system as it strives to protect the confidentiality, integrity, and availability of all information resources it handles as part of its business and to prevent the occurrence of security incidents such as the unauthorized disclosure or falsification of data.
To achieve these goals, we establish and implement the following behavioral guidelines related to information security.

Information-Security Behavioral Guidelines

  1. In order to establish and continually improve its information-security management system, the Group will identify its information resources, define the risks associated with handling those resources, and handle them appropriately.
  2. The Group will define all roles and responsibilities related to information security and properly manage its information resources.
  3. To maintain information security and make related responsibilities known, the Group will implement educational and awareness programs for its managers, employees, and all individuals connected to the Group's business activities.
  4. The Group will monitor and record the implementation of its information-security management system and will endeavor to continually improve it and enhance the soundness of its application by defining the purpose of information security and metrics of its success, by regularly performing internal audits, and by conducting management reviews.
  5. If a security incident occurs, the Group will immediately ascertain its cause and strive to minimize the resulting damages as it works to preserve the continuity of its business operations.
  6. The Group will comply with all laws and social norms when handling information resources.

Created on December 16, 2016
Revised on November 1, 2017