ISO/IEC 27001 is an international standard for information security management systems (ISMS).
Primal Inc. obtained certification under ISO/IEC 27001:2013, the international standard for ISMS, accredited by BSI Group Japan K.K., in October 2018.
Primal, Inc. (hereafter referred to as "Primal" or "We") is made up of certified public accountants with IT skills and professional knowledge of core business operations, experienced consultants with a thorough understanding of the needs of business practitioners, and IT technologists with both business knowledge and advanced IT skills. We work as one to provide our customers with complete support for their operations and systems. In our business, we are aware that information assets concerning our customers and others are valuable and of extreme significance as our management base.
Primal recognizes the importance of protecting information assets from the risks of leakage, damage, loss, and others, and all officers and employees of Primal must comply with this policy. We are committed to implementing appropriate information security measures to safeguard the confidentiality, integrity, and availability of our information assets.
- Primal shall establish an information security policy, operate in accordance with it, and comply with information security laws, regulations, standards, and contractual obligations with customers, for the purpose of safeguarding information assets.
- Primal shall clearly define standards for analyzing and evaluating the risks of leakage, damage, loss, and others to information assets, establish a systematic method of assessing the risks, and regularly assess the risks in accordance with the method. Furthermore, Primal shall implement necessary and appropriate security measures based on the assessment results.
- Primal shall establish an information security structure, appoint a chief information security officer to supervise it, and clearly define authority and responsibility for the information security of Primal. We shall regularly implement education, training, and awareness programs on information security to ensure that all our employees recognize the importance of information security and handle information assets appropriately.
- Primal shall regularly inspect and audit compliance with the information security policy and the handling of information assets, and shall promptly implement appropriate corrective actions when deficiencies or improvement items are identified.
- Primal shall take appropriate measures to respond to an event or incident impacting information security and establish procedures to minimize damage in case such an event or incident occurs in the future. Should such an event or incident occur, we shall promptly implement appropriate response measures. In particular, Primal shall establish a framework to manage an incident that may cause disruptions to our operations and conduct regular response training, recovery tests, and reviews to ensure the business continuity of Primal.
- Primal shall establish, implement, continuously review and improve information security management systems that address the objectives of realizing the basic principles.
Enacted on April 1, 2018
Representative Director and President