Information Security

Policy and Strategy

Basic Views

The IINO Group is aware of the importance of protecting information assets (such as personal information, customer information, and confidential corporate information) from a corporate management viewpoint. We have established the following Information Security Policy and will work to ensure the information security of the whole Group to gain trust in the Group from our customers and society. Our Information Security Policy can be viewed here.

Structure

Conducting Periodic Risk Assessments

In connection with risks relating to the systems and administrative work of the IINO Group, we have established the Quality and Systems Committee. The committee meets once a month, and is responsible for formulating and promoting policies on systems and the administrative work of the IINO Group. It also implements and reinforces preventive and other measures to mitigate risks relating to system failure, etc.

Regarding internal audits, IT-related risk assessment is one of the designated assessment items for overall IT control as part of the assessment of internal control over financial reporting. Their effectiveness is rated periodically through internal audits, with the audits performed by an accounting auditor.

Additionally, to prepare against an information security-related incident or accident, we have established Basic Crisis Management Regulations and an Information System Crisis Management Plan.

Initiatives

Raising Awareness of Information Security

In accordance with its Information Security Policy, the IINO Group provides Group officers and employees with ongoing education and training. Our initiatives include the posting of educational videos such as Preventing Leaks of Personal Information and Ban on the Misuse of Personal Information to the corporate intranet, which serves as the medium for internal communications.

Regulations on Information and Document Management

We have established a Basic Information Management Policy with the aim of setting out necessary matters concerning the appropriate handling of information in the IINO Group. We have also created Results for Implementing Document Management based on the policy. Specifically, we state retention periods set based on classifications of information and documents, such as their level of importance, and also prescribe restrictions concerning access and viewing of each type of information or document.