Information Security

ページタイトル画像_サステナビリティ_S

Basic Ideas

To ensure continuous and stable business activities, it is essential to protect our information system and information assets from all kinds of threats while realizing an environment where information can be used safely and securely. We recognize that efforts to maintain and improve information security are extremely important responsibilities for this purpose.
Based on these ideas, we have established an information security policy from the perspective of company-wide risk management, which is followed by all officers and employees when engaging in their business activities.

Basic Policy on Information Security

  1. Compliance with Laws and Regulations
    The officers and employees of the Company comply, on their own accord, with the Act on the Protection of Personal Information and other laws and regulations related to information security, as well as internal rules and regulations established by the Company.
  2. Organizational Activities
    To conduct organizational operations for information security, the Company appoints a person responsible for information security and an administrator for information security and establishes an Information Security Committee.
  3. Education and Training
    The Company provides education and training necessary to ensure that its officers and employees recognize the importance of information assets.
  4. Risk Analysis and Assessment
    The Company identifies threats to information assets and constantly carries out analysis and assessment of the possible risks.
  5. Audit
    Through internal and external audits, the Company objectively recognizes and evaluates the implementation status of information security and carries out improvement activities.
  6. Rapid Response
    In the unlikely event of an information security incident, the Company will respond promptly and strive to prevent the damage from spreading.

Information Security System

Governance Img

Measures

In preparation for unforeseen circumstances related to information security, such as external attacks aimed at stealing or destroying corporate information, the Company takes not only systemic measures but also other types of measures to minimize possible risks. Specifically, we continuously provide education, training and awareness-raising opportunities for officers and employees, while checking and improving the system that covers major subsidiaries.