Basic Policy on Information Security
The Seven & i Group has made it mandatory for all officers and employees to appropriately secure and manage the safety of information assets handled by the Seven & i Group as a material management and business issue and social responsibility, to ensure the Group acts sincerely in response to the trust shown to it by customers, business partners, shareholders and local communities. The Basic Policy on Information Security stipulates the Seven & i Group’s basic policies regarding information security and has the purpose of ensuring proper execution of operational duties through the use of information assets.
December 2, 2014
Seven & i Holdings Co., Ltd.
The Seven & i Group ensures information security and conducts operations based on the Basic Policy on Information Security.
1. General provisions
This policy stipulates specific matters and standards that must be complied with in the course of ensuring the appropriate protection and use of information assets held by the Seven & i Group.
2. Management framework
The Seven & i Group sets up an organizational framework to maintain and manage information security, and stipulates roles and responsibilities.
3. Management and protection of information assets
The Seven & i Group conducts appropriate information security management in response to the degree of materiality of information assets from the perspectives of confidentiality, integrity and availability. Moreover, Seven & i Group officers and employees will not for any reason use information assets for purposes other than business.
4. Personnel management
The Seven & i Group establishes and maintains Information Security-related Regulations in conjunction with providing regular training and drills to all officers and employees, with the aim of thoroughly communicating and raising awareness of responsibilities and obligations regarding information security and the penalties for non-compliance.
5.Physical access management
The Seven & i Group maintains physical access management of information assets depending on the degree of materiality by locking it away, supervising, restricting entry and exit access and other means to protect the information assets from the threat of leaks, whether by intent or negligence, theft, alteration, destruction or other similar acts.
6. Technical management
The Seven & i Group conducts technical management involving the control of access to information systems and the management of information systems development, operation and maintenance, along with preventative measures against leaks, alteration, loss, destruction, damage or the like.
7. Outsourcing management
The Seven & i Group requires any third party that is contracted to perform work involving the handling of information assets to manage information security to the same standard, or higher, as the Seven & i Group.
8. Rapid response to information security incidents and accidents
The Seven & i Group will establish a framework and procedures to rapidly enact effective measures in the event of an information security incident or accident.
9. Business continuity measures
The Seven & i Group formulates a business continuity plan in an effort to ensure information security in the event of a disaster, accident or similar contingency.
The Seven & i Group complies with all laws and ordinances, regulations and contractual obligations related to information security.
11. Voluntary inspections and internal audits
The Seven & i Group implements voluntary inspections and internal audits to ensure compliance with the Information Security-related Regulations and to verify whether information security management measures are appropriate and effective for ensuring information security, in conjunction with taking remedial action as necessary.
12. Disciplinary action
Persons who violate this policy or Information Security-related Regulations based on this policy are to be subject to disciplinary action in accordance with the employment regulations or other treatment.
Established December 2, 2014