Information Security Policy

Information and its supporting infrastructure are valuable assets that must not be disclosed, altered, or destroyed without legitimate reason. To ensure the confidentiality, secure storage, and appropriate provision of important information, we establish formal procedures and maintain a structured management system.
With due consideration to confidentiality boundaries, we proactively disclose information related to overall management to our stakeholders. We also respect third-party information and will not obtain it through improper means or request its disclosure in an inappropriate manner.

  • (1) When handling confidential information or using information systems, we follow internal procedures and take all necessary security precautions.
  • (2) Confidential information obtained in the course of business will be properly managed and stored, and will not be used for the benefit of any third party.
  • (3) All resources related to information systems will not be used in any way that is illegal or contrary to the rules of the business community.
  • (4) Personal information is collected, managed, and stored using appropriate methods only after clearly identifying the purpose of use. It will not be used or disclosed for any purpose other than its original intent without the prior consent of the individual.
  • (5) We take preventive measures against unauthorized access to confidential information, as well as information leaks or loss. In the event such incidents occur, we will respond promptly with recovery and corrective actions.
  • (6) In the event of an information security incident, such as the leakage or loss of information, or if there is any risk of such an incident, the matter must be promptly reported to the relevant supervisor and the Chairperson of the Compliance Promotion Committee..

Establishment of Information Security Committee

To ensure the security of information and information systems, and to promote risk mitigation and smooth operations, we have established the Information Security Committee.
The committee is responsible for planning and implementing security-related measures, as well as promoting awareness of internal regulations concerning information management.

  • (1) Revision, amendment, or repeal of information security regulations
  • (2) Monitoring the status of security management and information systems, including analysis and evaluation of issues and risks
  • (3) Assessing the effectiveness of security measures related to information systems and implementing improvements
  • (4) Planning and conducting educational programs to promote awareness of information security policies and procedures

Response to Information Security Incidents

In the event of an information security incident (including potential incidents), a Special Committee for Information Security Incident Response will be established under the direction of the Head of Information Systems. This special committee, in coordination with the Information Systems Department, will take the lead in managing the response.
The committee will compile an Information Security Incident Report, including proposed measures to prevent recurrence, and submit it to the Information Security Committee. Based on the report, the Information Security Committee will review and formally approve the preventive measures to be implemented.

Key Initiatives for Cybersecurity

1. Security measures to address increasing threats
2. Response to digital transformation
3. Development of cybersecurity specialists