Aztec's information security system

2020.03.24 | search column

This article is based on what we researched at the time of writing.Please note that some information may differ from the latest information.

XNUMX. XNUMX.Introduction

 Previous column(*) Introduced the advantages and disadvantages that should be considered when considering outsourcing of internal operations.
 (*) "Advantages and Disadvantages of Patent Search Outsourcing (XNUMX)'
 (*) "Advantages and disadvantages of patent search outsourcing (XNUMX)'
 When examining a contractor, not only the advantages but also how to reduce the disadvantages is important, but even if information is collected from the outside, it is difficult to grasp the detailed situation of the contractor. I can't.Therefore, this time, I would like to introduce Aztec's information security measures and management mechanism in relation to the "weakening of governance" introduced in the above column.

XNUMX. XNUMX.Specific security measures

 According to the Information-technology Promotion Agency (IPA), the number of information security incidents reported in FY2018 decreased compared to FY2017, while the rate of "information leakage / loss" increased by 15%. I will.In addition, the most common cause of information leakage incidents was "wrong operation" at 25.1%, "lost / misplaced" at 21.8%, "management error" at 13.0%, and "setting error" at 4.7%. More than a percentage is human error.
 Countermeasures against this human error are considered to be one of the cornerstones of information security.With that in mind, let me introduce some of the specific security measures within Aztec.

① Monitoring and access restrictions

 We prevent the entry of third parties such as people outside the company, prevent access to data by employees unrelated to business, and reduce the risk of information leakage.

  • 24-hour monitoring of people entering and leaving the room with a camera
  • Building security system + original auto-lock mechanism
  • No outsiders can enter the analysis room (meetings with the outside are on a separate floor)
  • Access control to internal server

② Handling of data

 Even a searcher who carries out business can prevent unnecessary data from being taken out, viewed, or duplicated, reducing the risk of information leakage.

  • Restrictions on taking out information outside the company and restrictions on viewing outside the company
  • Prohibit connection of USB memory or personal terminal to in-house system
  • Prohibition of shooting and recording in the in-house work area

③ Use of software services

 In addition to building a direct barrier against the occurrence of an accident, we are working to reduce the labor involved in the countermeasures themselves.

  • E-mail mis-sending prevention software
  • Secure telework system
  • Whitelist software usage
  • Log collection software

 These security measures trade off safety and convenience.In fact, some people say that the above measures are troublesome and time-consuming.Is it worth the effort and cost? It's always a question.Nevertheless, we take these steps because we are convinced that confidentiality is one of the most important elements of trust we provide to our customers.Even if the detailed rules and time and effort increase, we believe that the attitude will lead to safety and security, and we are thoroughly working on it.

XNUMX. XNUMX. ISMS certification

 No matter how specific measures are taken, the effects will be diminished unless a system is in place to implement them correctly.Aztec has acquired the ISMS (Information Security Management System) international standard "ISO / IEC 27001" certification, and formulates preventive measures against information security risks, implements and audits plans based on them, and formulates further measures. By regularly rotating a series of cycles, we have a system for continuous improvement.
 When operating ISMS, the following three actions are effective in improving internal security.

① Effective security goal setting

 Set security goals for each department each year.In the past, we had set company-wide goals, but by separating them from company-wide into departments, we are now able to appropriately respond to issues that are appropriate to each site, such as accidents that occurred in the past and possible risks. ..Instead of setting goals for command hierarchies, members belonging to the department recognize the issues themselves and think about the goals to solve the issues more effectively and raise awareness.

② Implementation of in-house education

 We provide security education to all employees. In addition to e-learning, we regularly update our security knowledge by explaining trends in risks and accidents and past cases that actually occurred.In addition, security personnel collect information on vulnerabilities and alerts every day, promptly disseminate information on highly urgent threats and consider countermeasures to prevent the occurrence and spread of damage.

③ Implementation of internal audit

 We will conduct company-wide audits.At Aztec, auditors are not fixed, but are rotated among employees.By having each person experience as an Audit & Supervisory Board Member, they will be able to relearn the rules and gain a deeper understanding of their significance, so we are aiming for the effect of establishing and thoroughly enforcing changing security rules.

 There was a clear change in consciousness in the process of maintaining ISMS.Recognizing security issues and setting goals, and having them recognize the role and significance of the system as an Audit & Supervisory Board Member led to the fostering of a higher level of security awareness.Furthermore, by receiving specialized advice from outside, including certification bodies, we have raised our knowledge level and have become able to take more appropriate measures.Before the certification, the organization had a policy of emphasizing information security, but after ISMS certification and its operation, we feel that we are now able to meet security requirements with confidence.

XNUMX.in conclusion

 The purpose of the Information Security Basic Policy established by Aztec is stated as follows.

"As a position related to the intellectual property of our customers, we respond to the high demands of our customers for information security, and recognize information security as an important management issue in order to gain the trust appropriate for those skilled in the art. I will work on it. "

Aztec Co., Ltd. Information Security Basic Policy

 Security measures are now said to be a social responsibility, and we take great care on a daily basis to securely manage confidential customer information.However, it is not enough to just take strict measures, and it is not okay if you are certified.As a company that handles confidential information, we will continue to make continuous improvements so that we can provide service quality including a secure environment.

General Affairs Management Department Ogura

<Reference>
・ Information Security White Paper 2019 (IPA)
 https://www.ipa.go.jp/files/000079041.pdf
・ What is ISMS (Information Security Management System)?
 https://isms.jp/isms/
・ Aztec Co., Ltd. Information Security Basic Policy
 https://aztec.co.jp/security.html

Inquiry

For inquiries regarding IP research and inquiries about our business, please contact us.
Please feel free to contact us using this form.

Contact us.

Recent Columns

Tags

  • New article mail registration/cancellation

    We will notify you by email when new articles are published.If you wish to receive or stop distribution, please register here.


     

    * Our companyPrivacy PolicyPlease register after agreeing to.

Aztec Co., Ltd. search column

In this column, as a research company with strengths in patent search and technical analysis, we will deliver information that will be useful to everyone.For inquiries regarding this column and search requestsplease use this form.