ISMS /
Information Security

Regarding ISO27001 Certification

In February 2006, Aoyama Sogo Accounting Firm (“we”, “us”, “our firm”) was the first in the industry in Japan to obtain the international certification for Information Security Management System (ISMS) [ISO/IEC27001: 2005]. From early on, we have recognized the importance of information management, and have implemented stringent controls and measures in providing finance related services. This clearly demonstrates ASA’s proactive approach to information security.
ASA will continue to follow the Information Security Policy as outlined below, and through ISMS activities, further strengthen information security and improve on service quality.

Certification Standard obtained

ISO/IEC 27001:2013　JIS Q 27001:2014

Certificate Number

IA140490

Registration Date

November 22, 2005

Certification Body

EQA International Certification Center

ISMS General Policy

One of our important general policies in company management is protecting and managing client assets, and those of our firm in providing tax and accounting services, nominee directorship services, cash management, data management, SPC incorporation, and various advisory services.
“To protect the information assets of our clients and our firm” and ”To pursue ISQ（Innovation Speed Quality）” are the policies upon which confidentiality, integrity, and availability of information assets are secured under our ISMS General Policy. Our employees must comply with the ISMS General Policy, and maintain and improve on ISMS.

1. Applicable Areas

Applicable for assets related to all business activities of our firm. Assets defined here include technology and know-how considered to be information used as managerial resources (documents, data, etc.), information systems, services, and facilities and equipment related to the protection and use of such assets.

2. Policy

1. In implementing ISMS, we will construct ISMS suitable for our firm, and accumulate knowledge of ISMS development technology and operational management.
2. Due to our firm personnel having a high degree of specialized knowledge, it is vital that operational know-how is accumulated, maintained, and passed on for business continuity. As such, work evidence (documentation, records) is saved through our ISMS for this purpose.
3. To establish risk assessment criteria and to define risk assessment approaches based on such criteria. In order to perform each of our firm’s services, it is important to maintain confidentiality, integrity, and availability of our client’s and our firm’s assets. As such, risk assessment is conducted on the confidentiality, integrity, and availability of assets, resulting in proper identification of asset threats and vulnerabilities and of necessary security requirements.
4. To clearly identify risks and establish proper systems for effective business continuity and client satisfaction.
5. To comply with tax laws and regulations, Act on the Securitization of Assets, Financial Instruments Exchange Law, Certified Public Accountants Law, Certified Public Tax Accountants Law, Copyright Law, Act on Prohibition of Unauthorized Computer Access, Unfair Competition Prevention Act, and Act on the Protection of Personal Information, as well as ISMS related rules and standards.
6. To conduct periodic education and training regarding information security to heighten employee awareness.
7. To improve ISMS by measuring and evaluating the effectiveness of control measures through daily monitoring, monthly security checks and internal audit.

3. Operational Structure and Duty

Our management committee discusses and assesses the security standards and requirements and the countermeasures to ensure them based on our ISMS General Policy. A Chief Information Security Officer (CISO) is placed as a committee member to carry out ISMS measures smoothly. The managers of the ISMS group and each group shall make efforts for continuous improvement of ISMS based on the policy of the management committee through risk assessment of their respective group’s assets, developing a management plan, and creating and evaluating a risk response plan.

4. Audit

The internal audit manager will perform audits every year of our firm’s statutory compliance of each group, ISMS General Policy, Information Security Management System manual, compliance with each set of rules and procedures, effectiveness of the risk response plan, and effectiveness and compliance of ISMS.

5. Responsibility of Our Employees

Any employee that violates the ISMS General Policy, Information Security Management System manual, or related rules and procedures will be subject to disciplinary action in accordance with our employment policy.

Adopted April 1, 2005
Revised November 1, 2021 (16th update)

Aoyama Sogo Accounting Firm
Masaki Aguni, Chief Executive Officer

Aoyama Sogo Tax Corporation
Masaki Aguni, Member

ASA Reporting Professional K.K.
Kazuhiro Matsuzawa, Representative Director

ASA Advisory K.K.
Masaki Aguni, Representative Director