Information Security and Protection of Personal Information
Ryohin Keikaku recognizes that information security risks are an important management issue, and hereby establishes an Information Security[1] Policy to properly protect information and safely manage information assets.
1. Definition of information security
"Information security" refers to the protection of information assets handled by Ryohin Keikaku from threats related to confidentiality, integrity, and availability, and includes cybersecurity. Cybersecurity refers to taking measures necessary for the safe management of relevant information, such as prevention of information leakage, loss or damage, and measures to ensure the safety and reliability of information systems and information communication networks in order to properly maintain and manage their condition.
Ryohin Keikaku created the Information Security Policy with the aim of upholding the trust of its customers and society. We take basic and advanced measures to safeguard the information assets that have been entrusted to us by customers and related parties, as well as to comply with relevant laws and regulations and enhance our global corporate brand.
1. Establishment of an information security management system
Ryohin Keikaku will continuously improve its information security through the establishment of an information security management system. This system involves identifying information assets, analyzing the risks associated with each asset, and taking appropriate actions to implement countermeasures against unauthorized access, viruses, and leaks.
2. Protection of information assets
Ryohin Keikaku takes appropriate organizational and technical measures to reliably protect the confidentiality, integrity and availability of information assets.
3. Compliance with laws, regulations and other rules
Ryohin Keikaku complies with laws, regulations and other rules regarding information security and protection of personal information.
4. Implementation of education and training
Ryohin Keikaku provides essential education and training to ensure that all executives and employees fully recognize the importance of information assets.
Scope of Application
All companies and bases of the Ryohin Keikaku Group
All executives and employees of the Ryohin Keikaku Group
All information assets used and owned by the Ryohin Keikaku Group
At Ryohin Keikaku, the Compliance and Risk Management Committee, which is chaired by the Senior Executive Officer, oversees relevant activities of the entire Group based on its basic policies. The committee has established the IT Security Office and Personal Information Protection Office to accurately grasp the status of information security and to discuss and promote countermeasures. Each Group company and division appoints a person in charge of information security and strives to strengthen and thoroughly implement the information management system throughout the Group.
The Personal Information Protection Office formulates rules and policies for personal information management and manages the overall process. The IT Security Office builds, maintains and operates the IT infrastructure environment in compliance with regulations and policies, and works for its continuous improvement.
The IT Security Office also reports on its activities to the Compliance and Risk Management Committee, which meets four times a year, and the details of deliberations are reported to the Board of Directors at least twice a year.
Information Security Management System
Protection of Personal Information
We appoint a person from within the organization with the ability to understand and implement personal information protection as a "personal information protection manager." This person assumes responsibility and authority for implementing and operating the personal information protection management system.
Training on Information Security
Ryohin Keikaku recognizes that the thorough comprehension and participation of all employees is essential for information security management. Based on this understanding, we provide information security training to all executives and employees. We also regularly conduct the following initiatives, which are effective for continuously improving security literacy, assessing the level of understanding, and raising awareness. By fostering a culture of security throughout our organization, we aim to become a company that is resilient to cyber risks.
1. Conduct an e-learning course on information security for all employees once or twice a year
2. Conduct training on targeted e-mail attacks for all employees twice a year
3. Provide appropriate reminders prior to long vacations and other events, and conduct awareness-raising activities and follow-ups during daily work