We have benefited in many ways from advancements in information systems provided by the development of IT and the proliferation of the internet. It is no exaggeration to say that, in the modern world, the degree to which information assets are utilized greatly influences the competitiveness of an organization, including the acceleration of corporate decision-making through the use of IT, the transmission and sharing of information through email and in-house networks, and the use of customer information for marketing purposes, not to mention enhanced efficiency of clerical work.

However, there are several issues that must be overcome in order to promote the active use of information assets. In particular, ensuring information security, including that of customer information, is one of the most important issues. We must be keenly aware that our information assets are constantly exposed to the threats of leakage, falsification, and destruction, and work tirelessly to minimize these risks and make use of information assets in a safe manner.

In order for the Joshin Group to further enhance its corporate value in the future by making active use of its information assets, we recognize the need for establishing concrete guidelines and rules to ensure that all employees handle all information assets properly and use them correctly. To this end, we decided to establish the Basic Policy on Information Security. We hereby declare that all employees involved in the business operations of the Joshin Group will comply with this policy and handle and protect information assets under a unified awareness.

December 10, 2004

Joshin Denki Co., Ltd.

Ryuhei Kanatani, Representative Director, President and Executive Officer

General Rules

  1. Purpose
    The purpose of this Basic Policy on Information Security (hereinafter “this Basic Policy”) is to establish the basic approach for appropriately protecting information assets as well as to work on information security on a continuous and comprehensive basis.
  2. Scope of application
    This Basic Policy shall apply to all information assets related to the Joshin Group and to all personnel (officers, employees, and those who execute the business of the Joshin Group under contracts, etc.) involved in such information assets.
  3. Management of exclusion of application
    Compliance with matters specially stipulated in laws, regulations, and contracts shall take precedence over compliance with this Basic Policy. Approval must be obtained in advance from the Chief Information Security Officer in the event that it is impossible to comply with this Basic Policy due to laws, regulations, or contracts, or any other reason. However, in the event of a life-threatening situation such as a large-scale disaster, as well as in case of an emergency, such approval may be requested after the fact.
  • Basic Policy
    The Joshin Group shall implement comprehensive information security measures, which consist of physical, human, technical, and operational security measures for all information and information systems held by the Group. In order to continuously implement these measures to ensure information security, the Joshin Group shall stipulate security policies, and establish and operate the information security management system that clarifies the roles and responsibilities of each organization and individual.
  • Objectives to achieve
    The following objectives shall be achieved to ensure information security in the Joshin Group.
  1. Protect information assets from unauthorized access.
  2. Ensure the confidentiality of information.
  3. Ensure the integrity of information.
  4. Ensure the availability of information.
  5. Comply with all required laws and regulations.
  6. Provide all employees with information security training.
  7. Establish and maintain a business continuity plan. Periodically conduct training based on the business continuity plan.
  8. Investigate and remedy any accident or potential accident identified related to information security without fail, .