Information Security Policy of the Yokowo Group

The Information Security Policy of the Yokowo Group (the "Group") aims to ensure that the Group always recognizes the importance of all information assets handled thereby, including information provided by its customers and business partners, and to prevent all improper disclosure, divulgence, and unauthorized use of such assets, in order that the Group may continue to be a trusted member of society.

1. Compliance

   The Group shall comply with all of the following that concern information security: laws and regulations, guidelines stipulated by national governments and other public agencies, and corporate rules.

2. Framework

   The Group shall establish a framework for information security, including an information security committee that shall be responsible for the information security of the Group, and shall continuously maintain and improve this framework for information security.

3. Management of Information Assets

   The Group shall establish confidentiality rules that stipulate the handling of information assets in accordance with their level of importance and properly manage information assets based on confidentiality regulations in order to ensure information security.

4. Training

   The Group shall train all of its officers, employees, and other persons involved in its business in the rules and practices governing the handling of information-including laws and regulations, guidelines stipulated by national governments and other public agencies, and corporate rules concerning information security-in order to raise the level of awareness regarding information security.

5. Preventing and Responding to Incidents

   The Group shall strive to prevent any information security-related incidents. If any such incident should occur, the Group shall do take measures to minimize the impact of the incident and promptly determine its cause. In order to prevent the recurrence of the incident, the Group shall take the appropriate action and implement whatever measures are necessary.

April 1, 2013
President, Takayuki Tokuma

Information Security Management Framework

The Yokowo Group (the "Group") is working to advance its information security activities under the following framework.

Information Security Initiatives

The Yokowo Group has established the “Yokowo Group Information Security Policy” to prevent unauthorized disclosure, leakage, destruction, alteration, and misuse of information assets, and to ensure their proper protection. Our measures are implemented in accordance with the Cybersecurity Framework of the National Institute of Standards and Technology (NIST).

Our Efforts towards the Enhancement of Information Security

Under the Group's Information Security Policy, Yokowo recognizes the management of information security as one of the most important issues in business management. In order to manage information appropriately, it has constructed an information security management system (ISMS), and is working together with the entire Group to advance its information security activities. In December 2014, Yokowo head office and its three domestic group companies acquired ISO27001, the International Organization for Standardization (ISO)'s information security management system standard.

Information Security Education

For employees with company email addresses, we conduct security training such as phishing email simulations, provide frequent micro-learning sessions via e-learning, and share monthly security awareness updates through the Group’s “Information Security” portal. In addition, we publish the “Information Security Handbook,” which outlines essential practices for daily operations, to further enhance security awareness.

Protection of Confidential Information

Under its Information Security Policy, Yokowo has established confidentiality rules for the protection of confidential information. The Group and all suppliers and other business partners. engaged in Yokowo's business handle and protect, both strictly and appropriately, all information assets possessed by Yokowo, and information divulged to it by its customers.

Performance

For KPIs related to Information-Security, please refer to Sustainability Management.
For ISO certification status, please refer to ISO Certification Status.