Kyoto Institute of Technology Basic Policy on Information Security

November 8, 2013
Masao Furuyama
President of Kyoto Institute of Technology

The use of information technology is indispensable today in academic and research activities, education, and social contributions conducted by Kyoto Institute of Technology. All constituent members of KIT must not only focus on adopting and utilizing such technologies but also correctly understanding and promoting information security. Therefore, we established a comprehensive policy to promote KIT’s information security, complying with the Act on Prohibition of Unauthorized Computer Access, the Copyright Law, and other applicable laws and regulations, and respecting the privacy of communication, academic freedom, and the freedom of speech.

[Definition of Information Security]

Information security means protecting the confidentiality, integrity, and availability of information assets (information electromagnetically recorded and the method of managing information).

[Promotion of Information Security]

The constituent members of KIT must continue making efforts to maintain and improve the level of information security.

[Scope of Application]

This policy shall be applied to KIT’s officials, faculty members, vendors, graduate students, undergraduate students, research students, joint researchers, visiting researchers, and all other people who engage in any activities at KIT.

[Information Security Management Structure]

The Information Security Management Department shall be established as a department to promote the information security of KIT, and an official of KIT shall serve as the director of the department, who also plays the role of KIT’s Chief Information Security Officer.

[Information Security Policy]

A policy to maintain a high level of information security shall be separately established.

[Information Security Training]

Information security training programs shall be offered to KIT’s faculty members, students, and research students.

[Protection of Data and Personal Information]

Persons to whom this policy is applied must understand the nature of data and personal information possessed by KIT and treat them in an appropriate way.


Persons to whom this policy is applied must treat information assets in compliance with this Basic Policy on Information Security, the Information Security Measures Guideline and other rules concerning information security.

[Management and Protection of Information Assets]

Persons to whom this policy is applied must manage and protect information assets based on the Information Security Measures Guideline.

[Prohibition on the Infringement of Information Security]

Persons to whom this policy is applied must not conduct any activities that violate the information security policy at KIT and make an effort to protect themselves against being used by such activities.

[Prohibition of Unauthorized Use of Computers]

Persons to whom this policy is applied must not use KIT’s computers and computers outside KIT via telecommunication lines without required permission.

[Prohibition of Unauthorized Acquisition of Information and Provision to Any Third Parties]

Persons to whom this policy is applied must not unlawfully obtain information for which they are not authorized to obtain. They also must not provide such information to any third parties.

[Antivirus Measures]

Persons to whom this policy is applied must continuously take antivirus measures for computers they use.

[Report of Information Security Violation Incidents]

If the persons to whom this policy is applied know of any information security violation incidents, they must immediately notify the Information Security Management Department of such incidents. The Information Security Management Department (and the Chief Information Security Officer) reports information concerning a sustained cyber-attack to the President of KIT as soon as practically possible, and reports to the Ministry of Education, Culture, Sports, Science and Technology.