Information Security Policy
Final revision date: October 1, 2024
The following is the information security policy of New York General Group, Inc.
We regard all information assets handled in the course of our business activities as important management resources, and recognize that ensuring the protection of their confidentiality, integrity, and availability is one of our highest management priorities. Based on this recognition, we shall make company-wide efforts to maintain and improve information security under the policy set forth below.
(i) Encryption and Access Control
First, we encrypt all electronic information in our possession using the latest encryption technologies (AES-256 and RSA-4096) to ensure protection against unauthorized access and information leaks. In particular, we employ a zero-trust architecture for our customer database and strict access control using multi-factor authentication (including biometrics).
(ii) Security Education and Training
Second, regular security training will be provided to all employees at least four times a year to improve their ability to respond to social engineering attacks. Specifically, practical simulation training on the latest phishing fraud methods and targeted attacks will be conducted to ensure proficiency in response procedures in the event of an incident.
(iii) Operation of ISMS
Third, we will establish and operate an information security management system (ISMS) in accordance with ISO/IEC 27001:2022, and continuously improve it through the Plan-Do-Check-Act (PDCA) cycle. This includes periodic risk assessments, security audits, incident analysis, and implementation of corrective actions.
(iv) Supply Chain Security
Fourth, to enhance supply chain security, we require our business partners to adhere to security standards equal to or higher than our own. This includes regular security assessments, establishing audit rights, and specifying incident reporting obligations in contracts.
(v) Investment and Governance
Finally, we will allocate at least 5% of our annual budget to information security measures and continuously invest in the implementation of the latest security technologies and in the training and retention of security personnel. In addition, we will assess security risks and review countermeasures at quarterly Board of Directors meetings to establish oversight at the management level.
This policy shall be communicated to all employees under the supervision of the CEO, and compliance with the policy shall be regularly audited. In addition, the policy shall be reviewed at least annually in response to changes in the environment surrounding information security.
New York General Group, Inc.
Yu Murakami
Legal Compliance Statement
Our United States-based corporation maintains this website in strict accordance with all applicable federal, state, and international legal frameworks. We fully comply with the Digital Millennium Copyright Act (DMCA), promptly addressing legitimate copyright infringement claims.
We implement comprehensive data protection measures in compliance with the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and where applicable, the General Data Protection Regulation (GDPR). Our privacy practices include transparent disclosure of data collection methodologies and user rights. Additionally, we observe the Children's Online Privacy Protection Act (COPPA) requirements regarding minors' data.
All electronic transactions and communications conducted through this website conform to the E-SIGN Act and CAN-SPAM Act respectively. We employ industry-standard security protocols in accordance with Federal Trade Commission regulations and applicable data breach notification laws. This statement reflects our ongoing commitment to legal compliance and ethical digital practices across all operational jurisdictions.