Information Security Policy

Basic policy for information security measures (information security policy)

To implement the management philosophy, Metropolitan Expressway Co., Ltd. (hereinafter referred to as "the Company") establishes here the basic policy for information security measures with the aim of adequately handling information assets held for business purposes, and appropriately protecting them.
The Company will continue to implement measures and improve standards based on this policy, and strive to be a safe and stable organization always trusted by the various stakeholders including you.
The basic policy of the Company's information security measures is as follows.

Scope

This basic policy applies to information assets held for business purposes and all persons using them (hereinafter referred to as "information users") .

Information security system

An information security officer is provided for each internal organization, and an information security system is built.

Information security measures

In order to ensure the availability, integrity, and confidentiality of information assets, the Company implements appropriate measures from 3 aspects-physical security, personal security, and technical security. In addition, the Company will track the security level of the contract partner and ensure proper fulfillment.

Maintaining information security

The Company will establish internal rules and oblige information users to observe compliance so that the establishment of and measures regarding the information security system can be carried out reliably. Also, in order to improve the level of measures, the Company will review its internal rules on a continuous basis.

Handling personal information

In view of the fact that protection of personal information is an extremely important social obligation in today's advanced information society, we have formulated a separate privacy policy on the handling of personal information to better protect it.

Training on information security

In order to maintain or improve the level of information security, we will continue to provide necessary training and strive to deepen the understanding of information users concerning related laws and regulations.