Basic Policy on Information Security

The Company and the Group recognize the importance of protecting information assets in the course of conducting business activities, and thus take information security measures to protect information assets against threats such as leakage, destruction, falsification, unauthorized access and the hampering of use.

  1. Information security system
    The “Information Security Working Group” shall be established as a subordinate organization to the Risk Management Committee. In addition, managers shall be designated in each organization to work to ensure and improve information security.
  2. Management of information assets
    Information assets shall be categorized based on their materiality and risks posed and their handling methods shall be clearly defined as part of our measures to appropriately manage the information assets.
  3. Establishment of internal regulations, etc.
    The Company and the Group shall establish the regulations and rules concerning appropriate management of information assets such as customer information, trade secret information and personal information (including specific personal information) and other information security matters, and endeavor to make them widely known and understood within the Company and the Group.
  4. Provision of education and training
    The Company and the Group shall provide education and training systematically to heighten awareness of information security among persons who engage in our business and thoroughly implement security measures.
  5. Compliance with laws and regulations and contracts
    The Company and the Group shall comply with laws, regulations and rules concerning information security, as well as contracts with customers and business partners.
  6. Verification and improvement
    The Company and the Group shall verify the effective functioning of the information security measures on a periodic basis and work to remediate and improve the information security system on an ongoing basis.
  7. Measures in case of a security incident
    The Company and the Group shall take responsive measures immediately to minimize damage in the case of an actual or potential information security incident and work to prevent recurrence.

Supplementary Provisions

Date of enactment: February 23, 2005

Date of partial amendment: June 21, 2018