April 1, 2018

This English translation of the Japanese version is offered for the convenience of those who have difficulty reading Japanese and is not legally binding. Should the need arise for the application of these rules and regulations, the Japanese version shall be considered the official and authoritative version.

In order for Tsuda University to demonstrate responsibility in conducting academic research and providing education, as well as in other activities, the university needs to have a data infrastructure in place and ensure the security of the information assets it holds. The Tsuda University Information Security Policy comprises both overall principles and specific security standards, clearly setting out the arrangements necessary to ensure information security. The university also sets detailed procedures for reliable implementation of the Information Security Policy. These procedures are intended to make all information users within Tsuda University aware of the importance of information security and ensure the security of all information assets held by the university.

●The Information Security Policy applies to the following information users and data/systems:

Information users to whom the policy applies
Full-time and part-time faculty and staff at Tsuda University, degree students and research students (including auditing students, etc.), and others authorized to access information assets held by Tsuda University (including joint users, visitors to the university, and workers employed by outsourcing contractors).

Data/systems to which the policy applies
The policy applies to all information assets held by Tsuda University; information assets include information and information systems. Information may take any form (including magnetic, optical, or hard copy); magnetic discs, flash memory drives, and handwritten notes also qualify as information. Information systems are systems for handling information, and they include not only electronic systems, but also systems for handling information in hard-copy form, such as the university’s internal mail system. The Information Security Policy applies to all information assets recognized as held by Tsuda University, even if such information assets are stored on information systems outside Tsuda University.

●The aims of the Tsuda University Information Security Policy are as follows:

1. To ensure that information assets held by Tsuda University are classified according to importance and managed appropriately
2. To defend information assets held by Tsuda University against security infringements
3. To prevent acts of misconduct affecting information assets held inside or outside Tsuda University
4. To ensure early detection of and prompt response to security infringements and similar incidents occurring within Tsuda University

Tsuda University shall appoint the Chief Information Security Officer to undertake overall decision-making relating to the university’s information security. The Chief information security officer shall take responsibility for Tsuda University’s information security both inside and outside the university. The Chief information security officer shall have the authority to determine information security-related measures and take the action necessary to ensure they are implemented throughout the university. In addition, the Chief information security officer shall have the authority to order the establishment of any organizational entities necessary to take such action.

The university shall conduct regular information security audits throughout its organization, ascertaining how information assets are managed and analyzing risks in order to prepare security standards and implementation procedures. The university shall review its Information Security Policy and implementation procedures regularly.

The university shall classify information and determine appropriate information management methods.

The university shall determine methods for managing information systems.

The university shall identify requirements with regard to information security in order to prevent unauthorized access from inside or outside Tsuda University leading to destruction, impairment, manipulation, or unauthorized use of its information assets, suspension of its educational services, or other adverse outcomes.

The university shall put rules in place to ensure compliance with the Information Security Policy. It shall also provide education and training to ensure that the Information Security Policy is widely known and complied with.

The university shall determine methods for responding to information security incidents (i.e., information security-related accidents or failures).

The university shall establish procedures for deciding on measures to be taken in response to Information Security Policy violations.

The university shall establish a point of contact to handle inquiries or complaints and make the necessary provision for publicizing the point of contact.

The university shall establish procedures relating to self-assessment of the information security system and information security auditing.

The university shall determine details relating to precautionary investigations.

The university shall establish a methods for drafting information security-related budget proposals covering the university as a whole.

The university shall determine procedures for handling exceptions to the Information Security Policy.

Copyright © Tsuda University 2018. All rights reserved.
Computer Center, Tsuda University, 2-1-1 Tsuda-machi, Kodaira-shi, Tokyo 187-8577, Japan
Tel. 042-342-5140　E-mail： infoadmin@tsuda.ac.jp