Governance

Information Security

Basic Policy

The Group considers it its corporate mission to contribute to enhancement of fair capital competitiveness of the clients (the publicly traded companies, investors and market participants) and the growth of the global economy. To this end, the Group regards the security of its information assets as one of the challenges of corporate management and has formulated a basic policy for information security based on the Cybersecurity Management Guidelines, formulated by the Ministry of Economy, Trade and Industry and the Information-technology Promotion Agency, Japan (IPA), as a benchmark for protecting its information assets.

Compliance with Laws, Regulations, etc.

The Group will comply with laws, regulations and various official guidelines regarding information security, including cybersecurity.

Development of an Information Security System and Initiatives

To protect its information assets, the Group has established an information security system, including cybersecurity, and has designated a person responsible for cybersecurity. In addition, the Group requires outside contractors to ensure appropriate information security following the basic policy for information security.

The Information Systems Department of IR Japan, Inc., a Group subsidiary, acquired certification for the international standard ISO/IEC 27001: 2013 and for JIS Q 27001: 2014 for information security management systems (ISMS) in August 2019.

The Company will continue to improve the quality of its services through ISMS activities following the basic policy for information security established by the Company, raise the awareness of its clients and contribute to the improvement of information security in the industry as a whole.

Implementation of Information Security Measures

To protect the information assets (including personal information) in its possession from all types of threats, the Group takes the necessary measures in terms of confidentiality, integrity and availability. The Group conducts regular audits of its systems in accordance with the basic policy for information security.

Promotion of Information Security Activities

The Group periodically evaluates and reviews the basic policy for information security and related rules and management systems, and strives to continuously improve its information security activities.

Implementation of Training Programs

The Group ensures that every employee is fully aware of the necessity of information security and complies with its requirements. It also conducts necessary training programs to ensure the continuation of such activities.

The Group conducts training for protecting personal information and explaining regulations related to insider trading when employees join the Group, regardless of whether they are midcareer or new graduates, and irrespective of their employment status. In addition, the Group conducts annual information security training for all officers and employees regarding the handling of various types of information, to ensure that they are fully aware of and comply with business rules and to foster a better awareness of information security.

Implementation of Training (Prevention of Information Security Incidents and Responses to Them)

The Group ensures that every employee is fully aware of the necessity of information security and complies with its requirements. It also conducts necessary training to ensure the continuation of such activities.

The Group always anticipates the possible occurrence of information security incidents, takes appropriate management measures and devises policies for prevention, prompt response and correction.

Name of organization IR Japan, Inc.
Name of division Information Systems Department
Scope of certification registration Operations of the Information Systems Department
  • ・Information management for shareholders, institutional investors and client companies
  • ・Internal infrastructure and internal system management
  • ・Development and maintenance of information management systems for client companies
Certification standards acquired ISO / IEC 27001: 2013, JIS Q 27001: 2014
Certification authority ANAB (ANSI National Accreditation Board)
JIPDEC
Certification number IS 709550
Registration date August 3, 2019
Audit registration organization BSI Group Japan K.K.

IS 709550 / ISO 27001

iso