Information Security Policy
Principles governing eSolia's information security management
On this page 13
Policy Highlights
- Management-led security governance
- Risk-based controls
- Legal and contractual compliance
- Business continuity preparedness
- Continual improvement cycle
Updated: 13 June 2026
Organization: eSolia Inc.
Management Policy & Mission
eSolia has provided IT services to global and Japanese enterprises operating in Japan for many years. Drawing on our multilingual and multicultural expertise, we work closely with clients to understand their needs and address complex challenges in systems and business processes, supporting their continued business operations and growth in Japan.
eSolia positions the appropriate protection of the information assets we hold — and those entrusted to us by our clients — as a key management priority. To maintain the trust of our clients and of society, we are committed to ensuring the confidentiality, integrity, and availability of these information assets, complying with applicable laws, regulations, contractual requirements, and other standards, and establishing, maintaining, and continually improving our Information Security Management System.
In accordance with these commitments, eSolia pursues information security assurance and continuous improvement across the entire organization, guided by the following principles.
1. Management Responsibility
eSolia positions information security as a key management priority. Under executive leadership, we take an organized and sustained approach to ensuring and improving information security.
2. Organizational Structure
We maintain an organizational structure to promote information security assurance and improvement. We define information security measures as formal internal policies, tailored to our business characteristics and the information assets we handle, and operate them appropriately.
3. Employee Commitment
All eSolia employees acquire the knowledge and skills necessary to ensure information security, and carry out their responsibilities in accordance with the policies and procedures established by the company.
4. Compliance with Laws and Contractual Requirements
eSolia complies with laws, regulations, standards, and contractual requirements related to information security.
5. Response to Violations and Incidents
In the event of a legal violation, contractual breach, or incident related to information security, eSolia responds promptly and appropriately, working to minimize damage, identify root causes, and prevent recurrence.
6. Risk Management
eSolia identifies and assesses risks to its information assets and applies controls proportionate to the level of risk. Risk assessments are conducted periodically and whenever significant changes occur in our business environment, technology, or threat landscape.
7. Business Continuity
To prevent critical business operations from being interrupted by major incidents or disasters, eSolia establishes and maintains prevention and recovery procedures, and reviews them regularly.
8. Continual Improvement
eSolia regularly reviews and improves the information security management system to ensure it remains effective and aligned with changes in our operating environment, applicable standards, and emerging threats.
Executive Commitment to ISMS
eSolia's executive management has formally committed to implementing an Information Security Management System (ISMS) aligned with the international standard ISO/IEC 27001. The signed executive support statement is available as a PDF document below.
SECURITY ACTION Self-Declaration
eSolia has declared SECURITY ACTION two stars (★★) under the self-declaration program run by Japan's Information-technology Promotion Agency (IPA). SECURITY ACTION is a scheme in which businesses publicly declare their own commitment to information security measures — it is not a certification or accreditation issued by IPA. Our two-star declaration includes publishing this policy and completing IPA's 25-item self-assessment, and we continue to improve on that baseline.
For details about the program, see the IPA SECURITY ACTION official site (Japanese).
Changes to this Policy
We reserve the right to update this information security policy at any time. Changes will be announced in the "updates" section on the top page of this website, and the latest update date will be shown at the top of this page.
For questions about this policy or our security practices, please contact us through our official channels.
Related Policies
- AI Policy — Principles governing eSolia's use of AI technologies
- Privacy Policy — How we collect, use, and protect personal information
- Data Protection — GDPR compliance and data protection principles
- Website Security & Disclosure — Site security practices and vulnerability reporting