Promotion of Information Security/Personal Information Protection

If confidential information were to be leaked or manipulated due to a computer virus or unauthorized access, it could result in claims fordamages from client and other companies and a loss of trust in the Group. Our Group Information Security Policy, Personal Information Protection Policy, and Policy on Handling of Specific Personal Information are thus applied to the entire Group. We make Group-wide effortsto maintain information security, such as protection against cyberattacks from external sources and prevention of information leaks due tointernal misconduct. These activities have been raised to a certain level to realize appropriate information management.

Pursuant to our Group Information Security Policy, security measures are implemented by Group companies around the world in accordance with the Group's common information security standards so that digital technologies can be used to put personal information to various uses while also protecting that information in order to expeditiously provide services that exceed customer expectations.

Group Information Security Policy

Information Security Management System (ISMS) Promotion Structure

The TIS INTEC Group has in place and operates a management system designed to address all Group-wide information security risks.

Director responsible for information security management
Coordinates confirming and evaluating Group-wide information security management levels and promoting improvement measures.
Information security audit manager
Audits the status of confirmation and evaluation of Group-wide information security management levels and the promotion of improvementmeasures, and reports progress and audit results to the Internal Control Committee.
Director responsible for data center information security management
Assigned responsibility and authority for the determination of the TIS data center information security policy and the implementation of ISMS for the data centers.
Personal information protection manager
Assigned responsibility and authority for the planning and operation of personal information protection rules and management systems as someone with the capacity to understand and put into practice the content of said rules.
Personal information protection audit manager
Assigned responsibility and authority for audit planning and implementation, reporting on audit results, and the accompanying recordkeeping as someone in a fair and objective position independent from the personal information protection manager.
Director responsible for employee education management
Conducts education and training at least once a year for all officers and employees according to their level in the information security management system, and record the results thereof, so as to make them aware of information security compliance matters.

Ensuring Safe and Secure Commercial Systems

There have been frequent security incidents in recent years. They include personal information and confidential information leaks arisingfrom unauthorized access, as well as extortion using ransomware, both of which exploit information systems security flaws (vulnerabilities).
In addition to known attacks-namely, cyberattacks that we already know how to address-a growing number of attacks exploitvulnerabilities of which even software developers and system development vendors are not aware. Security measures that factor in these unknown attacks need to be taken across the whole system without omission.

The TIS INTEC Group has put in place mechanisms wherebythe latest security technology trends and vulnerability information are promptly shared within the Group, and the processes ensuring the necessary security level are embedded in system building and operation to make sure that the completed systems have the necessary security level. We conduct regular vulnerability checks on the systems we have built and deal appropriately with newly discovered vulnerabilities, continuing to work to provide safe and secure systems and services.

Information Security Education and Awareness-Raising

We conduct information security education in the form of e-learning so as to facilitate understanding of the rules stipulated in our Group-wide information security policies and of information security-conscious behavior among officers, employees, and partner company employees. We implement various types of measures on an ongoing basis to embed basic information security behavior in each employee.
In addition, we conduct Group-wide education and training for officers, employees, and partner company employees so as to increase awareness of the importance of personal information protection in the Group, ensuring that everyone is mindful of the importance of personal information protection.

Personal Information Protection Initiatives

Pursuant to the Group Personal Information Protection Policy, Group companies in Japan and overseas have formulated rules on the handling of personal information in accordance with Group standards. We comply with the laws and regulations that apply not only in the countries in which the Group has bases but also in those in which we conduct business activities, handling personal information entrusted to us by customers and stakeholders appropriately and lawfully.
The TIS INTEC Group has established its own personal information protection management system, engaging in information coordination within the Group management system and implementing risk management, education, and training. Group companies, too, operate personal information protection management systems in compliance with the above policy.

Purposes of Use of Personal and Other Information Received

The TIS INTEC Group will give prior notice of the purposes of use of personal information received from customers, suppliers, business partners, and shareholders and will only use that information to the extent necessary to meet the purposes for which approval has been obtained.
Approval will always be obtained when personal and other information is acquired.