Governance Information Security
- Corporate Governance
- Compliance
- Risk Management
- Intellectual Property Management
-
Information Security
- Information Disclosure
Basic Policy on Information Security
In order to secure the trust of all stakeholders including customers and others based on fair and highly transparent management, we aim to appropriately use and appropriately protect information assets that we hold as a result of doing business, and we establish our Basic Policy on Information Security as follows.
- Scope of Application
This Basic Policy covers all "Information Assets" handled by the Company during its business activities, and covers "all executives and employees including group companies" and "subcontractors and their executives and employees, etc." who use these Information Assets. - Compliance with laws and regulations
Regarding the handling of information, the Company will comply with relevant laws and norms concerning information protection. - Establishment of information security system
In order to maintain and improve an appropriate security level, the Company will establish a special meeting committee structure with the management as the responsible person, and establish an information security system to ensure continuous improvements. - Establishment of Internal Rules
The Company will establish internal rules based on this Basic Policy and provide clear guidelines on the handling of Information Assets. - Protection of Information Assets
The Company recognizes the importance of Information Assets held from the viewpoint of confidentiality, integrity and availability, carries out risk assessments, and make efforts to ensure proper protection through regular audits. - Education and Outreach Activities
In order to improve the awareness of information security, the Company will conduct ongoing education and outreach activities for applicable stakeholders and deal with information leakage acts, etc. severely. - Response to Incidents
In the event of information security incidents, we will respond appropriately and promptly and strive to prevent the spread of damage.
Promotion of Information Security Measures
The Company views information security as an important business issue. To prevent information security accidents such as information leakage surrounding personal information, customers’ and partners’ confidential information as well as all types of confidential information handled in the process of work, we have the Basic Policy on Information Security in place to strengthen information security measures on a Group-wide basis.
Control system
We appoint an executive officer in charge of risk management as the Chief Information Officer responsible for information management across our company and the entire Group. We have also established an Information Security Committee under the Company-wide Risk Management/ Compliance Committee to maintain and strengthen our information security framework.

Education and training
To raise information security awareness, we conduct regular information security education and training.
| Education and training | FY2024 |
|---|---|
| New employee training completion rate | 100% |
| E-learning completion rate | 100% |
| Training emails | 4,870 people |
| Other | Distribution of pamphlets summarizing key information security points (general/construction site versions) |
Information security and cybersecurity risk initiatives
To address the acceleration of the adoption of digital technology and the increase in sophisticated and diverse cyberattacks amid unstable global conditions, we regularly review information security risks and implement initiatives to mitigate these risks.
- Implementation of risk assessment and regular revision of information rules, including rules and regulations
- Technical measures including enhanced authentication, encryption, and malware protection
- Implementation of various monitoring activities using Security Information and Event Management (SIEM)
- Regular inventories of monitoring records and trend analysis
- Collection of threat and vulnerability information as well as implementation of measures in response
- Establishment and operation of Computer Security Incident Response Team (CSIRT) framework

Compliance
We comply with and respond to legislation concerning information security, personal information protection, data transfer, etc., at home and abroad, and check relevant legislation when needed for appropriate responses and measures.
Personal Information Protection
We recognize that it is the Company's social responsibility to protect personal information. As such, the Company has established the Basic Policy for Protecting Personal Information. Each employee of the Company shall endeavor to ensure that personal information is properly protected.
Learn about Our Other ESG Initiatives
- Top
- Sustainability
- Governance
- Information Security