Information Security

The Septeni Group recognizes the appropriate management of information as an important management issue. We have developed and implemented various regulations and guidelines, and are working to manage information security on a Group-wide basis.

Information Security Policy and System

We have developed and implemented various regulations and guidelines, and are working to manage information security on a Group-wide basis.

Under the Group Risk Management Committee, which has been established to comprehensively and effectively manage risks, a department and committee responsible for security management and system security have been established to oversee and manage information security for the entire Group.

We are promoting various measures, such as conducting regular training based on the information security guidelines established as the principle of information security in the Group, conducting targeted email training for all executives and employees, and promoting the appropriate handling of personal information based on the personal information protection policy.

In the event of an incident, the Group Risk Management Committee, the organization related to security management and system security, and the persons in charge in each organization work together to grasp the situation, take measures to converge and prevent recurrence, and strive to improve the level of information security throughout the Group.

Certification for Information Security Management

Certain Group companies, including Septeni Holdings Co. Ltd, have received Privacy Mark certification from the Japan Information Economic and Social Promotion Association, which is granted to businesses that handle personal information in an appropriate manner.

We are also encouraging Group companies to acquire certification according to their business characteristics. FLINTERS, Inc., which is involved in planning, developing, and sales in the data & solutions domain, Tricorn Corporation, which is involved in CRM services, Milogos, Inc., which is involved in digital marketing support, and other companies have acquired ISMS internationally recognized standard ISO/IEC 27001.

Compliance

In the Group, the Group Risk Management Committee and related departments work together to promote compliance-related initiatives.

A monthly e-learning training on compliance is held for all Group officers and employees. Various questions on compliance, including legal compliance questions such as insider trading and Act against Unjustifiable Premiums and Misleading Representations, as well as ethical questions related to discrimination, unconscious bias, etc. are asked to raise awareness of compliance.

Whistleblowing System

All individuals who belong to the Group and who engage in its operations can report or consult using the hotline. An external lawyer serves as the direct contact point for reports or consultations, and the officers and employees who reported or consulted are protected by the hotline regulation.

Business Continuity Plan (BCP)

We have formulated a business continuity plan (BCP) that summarizes emergency-recovery procedures and action guidelines.

In addition to implementing preliminary disaster mitigation measures, we implement measures, training and education through the development of an employee safety confirmation system.