KSI Inc. | We provide one-stop services from planning, editing and designing to printing and bookbinding.

Privacy Policy

Recognizing the importance of customers’ personal information, employees of KSI Inc. endeavor to comply with all laws related to personal information and to cultivate a sense of self-awareness and responsibility concerning fair, appropriate management of such information as they work to provide better products and services.

We’re pursuing the following initiatives based on our recognition that protecting personal information and earning customers’ trust is a core part of our responsibility to society:

Appropriate management of personal information
We manage personal information obtained in the course of our operations, including from outside sources, in a safe and precise manner. We strive to implement information security measures, including human factor and technological measures, to prevent problems including fraudulent access, loss, destruction, alteration, corruption, and unauthorized disclosure.
Purposes for which personal information is used
When we handle personal information at the request of customers or obtain personal information, we do so only for the purposes described below. If we need to use personal information for any other purpose, we will notify you of that fact, for example by mail, email, or fax, and obtain your consent first.

• Purposes for which we use personal information when carrying out requests from customers
・To print address labels for direct mailings
・To print and send out products such as lists of names
・To package content containing personal information for mailing and send it to private residences
・To carry out other operations related to the processing, printing, and shipment of personal information
• Purposes for which we use personal information that we obtain ourselves
・Personal information from employees: To manage human resources
・Personal information related to people applying for employment: To screen applications
Provision and disclosure of personal information to third parties
We manage personal information from customers in an appropriate manner and do not disclose it to third parties except in the following circumstances:
• When the individual in question has granted his or her consent for such disclosure
• When it is necessary to disclose the personal information to a contractor so that the contractor can carry out
the service requested by the customer
• When we are compelled by law to disclose the personal information
Outsourcing
We may outsource all or some handling of data containing personal information under our management to outside contractors to the extent necessary to accomplish the purpose for which the personal information is being used.

When outsourcing personal information to third parties, we supervise contractors as necessary and in an appropriate manner to ensure that customers’ personal information is managed appropriately.
Assurance of accuracy and safety
We strive to manage data containing personal information under our management in an appropriate manner, including by taking such steps as are necessary to ensure its safety, for example by preventing its unauthorized disclosure, alteration, loss, or destruction and by preventing fraudulent access.
Organization and management structures
We ensure that personal information is managed in an appropriate manner by appointing an administrator whose responsibility it is to ensure the integrity of the personal information in our possession. In addition, we train all employees in the protection and appropriate management of personal information and actively work to ensure that such information is handled appropriately in the course of our everyday operations.
Contact for complaints and inquiries about how we handle personal information
We have established a point of contact for requests and complaints about data containing personal information under our management, and we endeavor to respond to such inquiries in a spirit of good faith.

Point of contact for complaints and inquiries
Personal information administrator: Akihito Koike
Compliance with applicable laws and standards
We comply with all applicable laws and standards concerning the handling of personal information, including laws and ordinances, guidelines published by the Japanese government, and other standards.
Ongoing improvement
We have established a system for managing personal information, and we take steps to ensure that all employees understand and observe initiatives related to compliance. In addition, we regularly review this system and endeavor to improve it on an ongoing basis.
Availability of this policy
We make this policy available in response to requests from outside the company and otherwise as necessary.

First Edition: April 1, 2005
Revised: January 1, 2018
KSI Inc.
Takayuki Minami
President

Philanthropy

Information Security (ISMS)

Management system certificate

Appendix

Platemaking, printing, bookbinding and multimedia creation for publication printing, business printing and commercial printing.

Entrepreneur and associated business place

KSI Inc. (headquarters, sales department, manufacturing department) /
printing factory [plate processing, printing] /
Osaka Minami branch [sales department, editing]

KSI has been in the printing business for decades, which means that our customers have always entrusted us with their important information. We utilize information management, which will become crucial in the future.

Managing Information Security

While utilizing the convenience of the information society to protect the precious information with which we have been entrusted from potential danger in the information society, information security must be ensured.
KSI acquired Information Security Management System (ISMS) certification in 2007. We manage personal information and all information that our customers have entrusted to us.

We value our customers' wishes. We serve our customers' business. We consider the benefits for our customers' customers.

With these three mottoes, which place the customer first, we contribute to the development of society through our printing business.

Information security is indispensable in providing printing services to our customers. The establishment and employment of the Information Security Management System is most important for realizing our "customer first" policy.

To more clearly embody our polity, we have and we understand the importance of information security. We routinely review our level of security to maintain the highest possible standards and strictly conduct information security management to your strengthen trust in our company.

To maintain awareness of the importance of the confidentiality of the information properties that customers have entrusted to us, and to secure the integrity and availability of our information properties, we define the Information Security Management policies (Information Security Management Policy and Information Security Application Policy) as below, and we train all employees so they understand and comply with the policies.

Information Security Management System (ISMS)

Establishment and formulation of the Information Security Management System We define policies on information security management and all our employees comply with these policies. We install the ISMS committee and take necessary measures for information security.
Goal of Information Security Management System
1. We make sure to keep and maintain the information that our customers have entrusted to us and our information properties.
2. We make sure to meet the expectations and maintain the trust of our customers and business partners.
3. We realize the effectiveness of ISMS by setting up goals for the improvement of the validity of information security management measures and our understanding and recognition of information security and through PCDA cycles.
Compliance with laws and regulations on information security management We observe all statutes and regulations relevant to information security. We educate all employees so they know the importance of the statutes and regulations and adhere to them.
Education and training We regularly provide education and training to all employees so they understand the importance of ISMS and their roles and responsibilities in providing information security.
Actions against the threat to information security We implement appropriate risk assessment to prevent any threat, including unauthorized access and/or entry to our offices and to our internal systems, disclosure, alteration, loss, destruction, and disturbance of usage of information assets, from arising. We take appropriate action against any threat.
Strict measures for managing outsourcing partners We ensure necessary security measures when outsourcing to avoid any possible leak of information on partners' sites.
Continuous improvement of ISMS We make sure to always keep our ISMS in the best state through review and improvement of risk assessment and internal audit, and we review and take corrective action for all measures and in management.

Date of enactment: January 10, 2007
Second revision: January 1, 2017
KSI Inc.
President, Takayuki Minami

Information security application policy

Policy for using mobile devices and teleworking (A.6.2.1, A.6.2.2)
1. We encrypt mobile devices and media to protect their information.
2. We keep records when we take mobile devices and media off our sites, and ensure to erase all recorded data at the time of return.
3. We use only company-owned mobile devices and media. We prohibit using personal mobile devices or media.
4. We take measures to protect information to be accessed, processed, or stored in teleworking locations, including physical security measures, safe and secure remote access methods, and backup.
Access management policy (A9.1.1)
1. Management on access control is implemented by each group, and level of access authority is given to individuals, if necessary.
2. Appropriate level of access authority is given to personnel, taking post, area of assignment, importance of information, software assets, and system to access into consideration.
Policy on using network and network services (A9.1.2, A12.2.1)
1. Before connecting to the external network, we confirm that no influence arises on the network, information system, and/or information assets.
2. We install firewall software, monitor access traffic to the internal network system from outside, and block unauthorized access.
3. We install anti-virus software to detect and prevent the activity of malware, and to cancel and delete the functions of malware.
Policy on encryption measures and usage of encryption key (A10.1.1)
1. When taking personal information and important secret information (hereinafter "crucial information") off our sites, or when transmitting, moving, and storing crucial information, the information is encrypted for protection.
2. The encryption key is kept and managed so that no person has access other than the person responsible for the assignment, the external persons who are involved in the assignment and the customer.
Clear desk and clear screen policy (A11.2.9)
1. All data to be used for assignments is stored on the servers. Unnecessary data is not saved on hard disk drives of local PCs.
2. A password-protected screen saver is run on all PCs.
3. Printed sheets and faxed documents are retrieved early, and never left unattended.
4. Before disposing of hard disk or media, they are destroyed so that no saved data can be retrieved by any means.
Backup policy (A12.3.1)
1. To protect and maintain completeness and availability of information, backup of information assets is managed and implemented.
2. Backup data is stored at a different location, considering the viewpoint of business continuation.
Information transmission policy (A13.2.1)
1. Proper transmission policy, method and measures of its management are prepared and put into action to protect the information exchange, taking each form of transmission into account.
2. In public places, confidential information is not mentioned. Mobile phones are used only when paying attention to the surrounding situation.
3. When sending crucial information by email, we do not post the mail directly in the mail body but protect it by encryption.
Secure development policy (A14.2.1)
We establish regulations for the development of software and/or systems within the organization, and put these policies into action or development.
Information security policy for partners (A15.1.1)
When a third person of partner companies or outsourcing companies needs to utilize or access our information assets, they must agree to follow and comply with the requirements of the Information Security Management System and sign a non-disclosure agreement.
Compliance policy (A18.1.2, A18.1.4)
1. We observe the laws, regulations and requirements relevant to the use of software products under intellectual property rights or copyrights.
2. Protection of privacy and personal information is implemented without fail according to the requirements of all relevant laws and regulations.

Date of enactment: January 1, 2017
Second revision: January 1, 2020
KSI Inc.
President, Takayuki Minami