Basic Views on Information Security Measures
Recognizing that information security risks have a significant impact on our management, we are working to strengthen our countermeasures. In addition to technical measures such as the introduction of systems and countermeasure tools and physical measures such as office access control and restricting access to classified areas based on our information security roadmap, we also focus on human measures by providing e-learning education and targeted e-mail attack training since we believe that it is important to improve the security-related awareness and literacy of each employee.
Information Security Management System
Based on the Information Security Management Regulations, the Board of Directors has appointed a Chief Information Security Officer (CISO), and the Information Security Committee, chaired by the CISO, plays a central role in promoting company-wide information security measures. The Information Security Committee meets semi-annually to identify issues to be addressed, confirm the progress of measures, and confirm the results of training. Furthermore, in the event of an information security incident, such as unauthorized access, malware infection, or loss of storage media, the CSIRT* plays a role in responding under the instructions of the Information Security Committee in cooperation with external organizations as necessary.
* CSIRT (Computer Security Incident Response Team)
An organization that collects information on information security and takes measures in preparation for incidents that could lead to serious information security incidents, and executes and manages measures in the event of an incident
Protection of Personal Information
Personal information handled by the Company is managed and protected in accordance with the Basic Regulations for the Protection of Personal Information. In addition, by acquiring the Privacy Mark*, we confirm that the system and operations for protecting personal information are maintained in an appropriate manner.
* A system that evaluates that business operators have put in place structures or other measures to appropriately handle personal information.
