Information Security Policy
Shannon LLC ("we" or "the Company") recognizes the importance of the information assets entrusted to us by our customers and the information assets we handle in the course of our business, and we consider it our social responsibility to protect them appropriately. This Policy sets out the basic approach to our efforts on information security.
1. Objective of Information Security
The objective of our information security is to maintain the confidentiality, integrity, and availability of information assets, thereby living up to the trust of our customers and achieving the continued development of our business.
2. Scope of Application
This Policy applies to all information assets handled by our officers and employees (including outsourcing contractors), as well as to the information systems that handle such information assets.
3. Legal Compliance
We comply with laws, regulations, contractual obligations, and other social norms relating to information security.
4. Organizational Measures
We clarify the system of responsibility for promoting information security and carry out regular reviews and improvements. We provide ongoing education and awareness-raising on information security to our officers and employees.
5. Technical Measures
Against risks such as unauthorized access, malware infection, and information leakage, we implement technical measures including authentication, encryption, access control, and log auditing. When using cloud services, we also manage them in accordance with their characteristics.
6. Physical Measures
We implement physical measures to prevent the loss, theft, and unauthorized use of the devices, recording media, and work environments used in our business.
7. Management of Outsourcing Contractors
When outsourcing work, we require contractors to maintain a level of information security equivalent to our own, and we manage them appropriately through contracts and supervision.
8. Handling of Entrusted Information Assets
We handle the source code, credentials, data, and other information assets entrusted to us by our customers only to the extent and for the period necessary for our business. After the completion of delivery and acceptance inspection, and upon the expiration of a defined retention period agreed with the customer, we will reliably destroy any copies under our control. The timing and method of return or destruction follow the contract or the customer's instructions.
9. Incident Response
In the event of an information security incident, we promptly assess the situation, work to minimize damage and prevent recurrence, and make appropriate reports to relevant parties and authorities.
10. Continuous Improvement
To respond to changes in information security threats and the business environment, we regularly review this Policy and the related controls, and pursue continuous improvement.