Basic Policy on Information Security

The Company and its subsidiaries (hereinafter referred to as “the Group”) actively utilize IT and possess a large amount of information assets. Meanwhile, information security incidents have become a social issue, and should such an incident occur in the Group, it could cause a great deal of inconvenience to the parties concerned. Accordingly, the Group has established the “Basic Policy on Information Security” and the entire Group will work to ensure security and safety in people’s lives and socioeconomic activities on an ongoing basis so that we can gain trust and confidence from the parties concerned.

1. Achievement of Information Security Objectives

Maintenance of information security management system

The Group will establish a division to promote information security, establish a system to promote information security systematically by clarifying roles and responsibilities, and maintain an optimal information security system by conducting management reviews on an ongoing basis.

Continuous implementation of information security education

The Group will provide education and training on an ongoing basis to raise employees’ awareness of information security.

Strengthening of information security risk management

The Group will clarify business and operational risks related to the information assets held, and conduct risk analysis, evaluation, and countermeasures.

Strengthening of business continuity management

The Group will take preventative measures against personal information leaks, cyber attacks, cloud service failures, and natural disaster risks (earthquakes, typhoons, tsunamis, power outages, pandemics, etc.), and will strive to minimize damage by promptly and appropriately responding to and reporting any information security incident.

Compliance with laws, regulations and contracts

The Group will comply with all information security-related laws, regulations and contracts that the Group addresses.

2. Information Security Review and Continuous Improvement

Implementation of internal audits

The Group will conduct internal information security audits on a regular basis, and make corrections and improvements as necessary.

Initiatives for continuous improvement

The Group will consider changes in society and technology, including the business environment, changes in management policies, and revisions to laws and regulations as issues for the Group, and continuously review and improve information security.

Representative Director, Chairman,
President and Chief Executive Officer

Effective Date: August 1, 2021