• Home
  • Information Security Policy

Information Security Policy


Information is an asset, much like other valuable business assets, and holds critical value to the operations of the Company. Therefore, information needs to be protected.

This Information Security Policy applies to HOPEE in its software outsourcing activities. The objective of this policy is to safeguard the information of customers, the Company, and stakeholders, while ensuring that the services provided by the Company meet high security standards and comply with regulations related to information security. This policy aims to reduce business risks and enhance the Company's business opportunities.

The Company's leadership has developed the information security policies in accordance with the business characteristics and services provided by the Company as follows:

  1. Strict compliance with legal requirements and contractual obligations.
  2. Protection of information against unauthorized access, unintentional or intentional disclosure to unauthorized individuals.
  3. Absolute confidentiality of information related to stakeholders (Employees, Customers, Partners, and Contractors)
  4. Ensuring information integrity, accuracy, and prevention of unauthorized modifications.
  5. Availability of all asset and service information when required.
  6. Continuous application, maintenance, and improvement of an ISMS (Information Security Management System) compatible with ISO 27001 standards.
  7. Regular information security training is conducted annually for all Employees.
  8. Ensuring compliance of all employees and departments with the information security policy.
  9. Providing adequate resources to meet the requirements of the ISMS and service delivery processes.
  10. Information security breaches (actual or suspected) must be reported to the Information Security Department, thoroughly investigated, and handled in accordance with the Company's disciplinary regulations.

The information security policy of HOPEE is approved by the Chief Executive Officer of the Company and is reviewed annually or whenever there are changes in the Company's strategy, to ensure its continued alignment with the Company's objectives and needs.


(English above)




  1.  法律要件および契約上の義務の厳守。
  2. 許可されていない者が情報に不正アクセスし、意図的または非意図的な開示からの保護。
  3. ステークホルダー(従業員、顧客、パートナー、および請負業者)に関連する情報の絶対的な機密性。
  4. 情報の完全性と正確性の確保、および不正な変更からの防止。
  5. 必要な時における全ての資産およびサービス情報の利用可能性。
  6. ISO 27001規格に準拠した情報セキュリティマネジメントシステム(ISMS)の継続的な適用、維持、および改善。
  7. 毎年従業員向けの情報セキュリティトレーニングを定期的に実施
  8. 全従業員および部門が情報セキュリティポリシーに準拠することの保証。
  9. ISMSおよびサービス提供プロセスの要件を満たすための適切なリソースの提供。
  10. 実際のもしくは疑われる情報セキュリティ侵害はISMSを管理する部門に報告され、徹底的に調査され、当社の規律規則に従って対応される必要があります。