• HOME
  • Information Security Policy

Information Security Policy

Basic principles

Client information and other assets handled as a part of the business operations of EPI Consulting LLC (hereafter referred to as “EPI”) are an essential part of EPI’s management foundations. Under EPI’s information security policy, executives and employees are committed to safeguarding information assets, ensuring their confidentiality, integrity and protecting against leaks, damage, and loss.

General policy

  1. The business operations of EPI align with the policy and regulations of EPI’s Information Security Policy, which is formulated along with various provisions for the protection of information assets. EPI adheres to all applicable laws, regulations, and industry standards related to information security, as well as the terms outlined in contracts with clients.
  2. EPI shall define the standards for analyzing and evaluating potential risks, such as leakage, damage and loss of information; establish systematic risk-assessment methods; and conduct regular risk assessments. Based on the results of such assessments, EPI shall (when necessary) enact appropriate security countermeasures.
  3. EPI shall establish an information security framework centered on responsible officers and clarify who is authorized and responsible for information security. Recognizing the importance of information security, EPI will ensure that all employees undergo regular education, training, and personnel development regarding the appropriate handling of information assets.
  4. EPI shall regularly inspect and audit the level of adherence to the Information Security Policy and handling of information assets. EPI shall promptly implement corrective measures for any such items discovered to be inadequate or requiring improvement.
  5. EPI shall enact measures to minimize the risk of information-security-related incidents and establish response procedures for such incidents. These measures will minimize any potential damage, enable swift responses to emergencies, and emplace appropriate corrections.
  6. EPI shall establish an information security management system, stipulating objectives for realizing EPI’s basic principles. This system will be continuously re-examined and improved during its execution.



March 31, 2024