Each business entity of the Tokyo Kyodo Group* (hereinafter referred to as "Our Company" or "We") shall establish the Information Security Policy for the purpose of protecting the information assets we receive from clients and information assets as our business resource from various security threats and conducting our business activities normally and successfully.
* Please see the Tokyo Kyodo Group List for details.

1. Information security management structure

Our Company shall build a management structure for information security to maintain and improve information security.

2. Compliance with laws and norms

Our Company shall comply with laws, regulations, guidelines, contractual obligations, and societal norms regarding information security.

3. Protection of information assets

Our Company shall plan and implement proper measures to manage information security corresponding to the risks involved in the information assets to ensure the confidentiality, integrity and availability of the information assets and protect the information assets in an appropriate manner.

4. Information security education

Our Company shall provide any education and training required for officers and employees so that they fully recognize the importance of information security and make proper use and management of the information assets.

5. Responses to information incidents

Our Company shall, in the event of an information security issue, promptly investigate the cause and take measures to minimize the damage and take preventive steps.

6. Continuous improvements

Our Company shall, in order to respond to the changes to this Policy and various related regulations and the business environment, as well as to the changing social conditions, make periodic assessments on the management structure and the status of measures taken with respect to information security, thereby ensuring the continuous improvement of information security.

7. Management of cloud service data

Our Company uses cloud services in providing customers with various services. For the cloud services we use, only those providers satisfying the management measures and security standards defined by Our Company will be engaged and we will strictly control the data as the user of those cloud services.

8. Revisions

Our Company may revise the content of this Policy in whole or in part as needed. Any revisions will be announced by posting it on our website.

Last revision: August 1, 2022

9F, Kokusai Building, 3-1-1 Marunouchi, Chiyoda-ku, Tokyo 100-0005, Japan
Tokyo Kyodo Accounting Office
Representative Partner: Ryutaro Uchiyama