Basic Policy on Information Security
Basic Philosophy
Each company of NITORI Group believes that their mission is to propose home lifestyles to their customers. To fulfill their social responsibility as companies using customer information, the NITORI Group companies aim to strictly manage and protect the information assets of themselves and their customers to become companies that can be truly trusted.
The NITORI Group companies make the most of their own information assets in their main corporate activities including the planning, manufacturing, shipping, and selling of furniture and interior goods, coordinating new homes, and advertising. The companies also receive information assets including customer information. Our top priority in management is the protection of these information assets.
We have prepared a basic policy on information security. We hereby declare our commitment to information security knowing the importance of building and operating an information secure management system, protecting information assets including personal information and take appropriate safety measures.
Purpose
The purpose of this basic policy to protect our information assets and those of our customers from all internal and external threats, intentional and accidental, while maintaining stable business activities. To this end, we have prepared this basic policy for building and operating an information security management system.
Basic Policy
Each NITORI Group companies will comply with the following basic policy:
1.Building an information security management system
We will build an information security management system which involves the following activities:
- Identifying information assets, analyzing risks for each asset, and taking appropriate steps for information management, including measures against unauthorized access, antivirus measures, breach prevention measures to ensure reliability.
- Complying with laws, norms, contractual requirements, and internal rules related to information security.
- Building an information security management system to take security measures and continuously improve them.
2.Information security management system
- We will establish the post of Information Security Officer who assume overall responsibility for the information security management system. The Information Security Officer will be responsible for directing and controlling the organization in the building and operating of the information security management system, including the reporting of security incidents and accidents.
- We will establish a Risk Compliance Committee to accurately determine the situation of information security in the entire group and take necessary steps promptly.
3.Personal information protection
We will protect personal information used in all business activities under a Personal Information Protection Policy. We will take steps necessary and appropriate safety measures for protecting personal information.
4.Education and training to raise all officers and employees’ awareness of information security
We will provide education and training on information security regularly for officers and employees, etc. at each Group company in order to raise awareness of the importance of information security and the appropriate handling and management of information.
5.Review of information security management system
We will review the information security management system regularly to ensure its proper operation.
6.Response to security incidents
If a person detects an information security incident, they will report it to the Information Security Officer immediately so that emergency measures can be taken as needed. We will analyze the causes of information security incidents and will take measures to prevent recurrence.
7.Business continuity management
To ensure business continuity, we will prevent business interruptions caused by accidental disasters, failures, and errors or by the intentional abuse of information assets as much as possible.
8.Action take in response to violations of this basic policy
The employees of the NITORI Group companies shall act in accordance with this basic policy. If a person violates the policy,, they shall be subject to disciplinary action under the work regulations.
The forecasts and projected operating results contained in this report are based on information available at the time of preparation, and thus involve inherent risks and uncertainties.
Accordingly, readers are cautioned that actual results may differ materially from those projected as a result of a variety of factors.