Search
Contact
Japanese
Search
Contact
Japanese
SiteMap

Basic Policy on Information Security

In order to secure the trust of all stakeholders including customers and others based on fair and highly transparent management, we aim to appropriately use and appropriately protect information assets that we hold as a result of doing business, and we establish our Basic Policy on Information Security as follows.

  1. Scope of Application
    This Basic Policy covers all "Information Assets" handled by the Company during its business activities, and covers "all executives and employees including group companies" and "subcontractors and their executives and employees, etc." who use these Information Assets.
  2. Compliance with laws and regulations
    Regarding the handling of information, the Company will comply with relevant laws and norms concerning information protection.
  3. Establishment of information security system
    In order to maintain and improve an appropriate security level, the Company will establish a special meeting committee structure with the management as the responsible person, and establish an information security system to ensure continuous improvements.
  4. Establishment of Internal Rules
    The Company will establish internal rules based on this Basic Policy and provide clear guidelines on the handling of Information Assets.
  5. Protection of Information Assets
    The Company recognizes the importance of Information Assets held from the viewpoint of confidentiality, integrity and availability, carries out risk assessments, and make efforts to ensure proper protection through regular audits.
  6. Education and Outreach Activities
    In order to improve the awareness of information security, the Company will conduct ongoing education and outreach activities for applicable stakeholders and deal with information leakage acts, etc. severely.
  7. Response to Incidents
    In the event of information security incidents, we will respond appropriately and promptly and strive to prevent the spread of damage.

Promotion of Information Security Measures

The Company views information security as an important business issue. To prevent information security accidents such as information leakage surrounding personal information, customers’ and partners’ confidential information as well as all types of confidential information handled in the process of work, we have the Basic Policy on Information Security in place to strengthen information security measures on a Group-wide basis.

Control system

We appoint an executive officer in charge of risk management as the Chief Information Officer responsible for information management across our company and the entire Group. We have also established an Information Security Committee under the Company-wide Risk Management/ Compliance Committee to maintain and strengthen our information security framework.

Education and training

To raise information security awareness, we conduct regular information security education and training.

Education and training FY2024
New employee training completion rate 100%
E-learning completion rate 100%
Training emails 4,870 people
Other Distribution of pamphlets summarizing key information security points
(general/construction site versions)

Information security and cybersecurity risk initiatives

To address the acceleration of the adoption of digital technology and the increase in sophisticated and diverse cyberattacks amid unstable global conditions, we regularly review information security risks and implement initiatives to mitigate these risks.

  • Implementation of risk assessment and regular revision of information rules, including rules and regulations
  • Technical measures including enhanced authentication, encryption, and malware protection
  • Implementation of various monitoring activities using Security Information and Event Management (SIEM)
  • Regular inventories of monitoring records and trend analysis
  • Collection of threat and vulnerability information as well as implementation of measures in response
  • Establishment and operation of Computer Security Incident Response Team (CSIRT) framework

Compliance

We comply with and respond to legislation concerning information security, personal information protection, data transfer, etc., at home and abroad, and check relevant legislation when needed for appropriate responses and measures.

Personal Information Protection

We recognize that it is the Company's social responsibility to protect personal information. As such, the Company has established the Basic Policy for Protecting Personal Information. Each employee of the Company shall endeavor to ensure that personal information is properly protected.

Learn about Our Other ESG Initiatives