EXEO EXEO Group,Inc Sustainability Website

Information security

Organizational system

In the course of its business operations, the Group handles important information, such as technical data and customer data owned by customers. We are working to strengthen our information security, given the increasingly critical importance of appropriate information management, amid the spread of cloud services, social media, and other forms of networks.

In terms of our system, we are improving our management system by assigning an officer in charge as the chief information security officer (CISO), as well as assigning an information management officer and information manager for each organization. In addition, under the supervision of the Information Security Committee, we determine policy for the Group's efforts, monitor the overall status of the efforts, consider measures to prevent recurrence in the event of an accident, conduct training via e-learning systems, evaluate the status of improvement, and promote continuous improvement.

The Information Security Committee handles customer requests pertaining to information security and works to bolster security protection pertaining to information security incidents and breakdowns. Details of the committee’s main initiatives are as follows.

Composition of the Information Security Committee

Chair CISO: Kazuhiko Okubo
Committee members Comprised of 13 members, heads of the following organizations Crisis Management Office, Safety and Quality Management Headquarters, General Affairs Department, Human Resources Department, Human Resources Development Department, Accounts & Finance Division, Procurement Division, Corporate Planning Division, Risk Management Division, Group Business Promotion Division, Digital Transformation Strategic Division, Innovation Development Unit, Global Business Department

Main initiatives

Assigning information management officers, handling incidents & breakdowns, configuring security areas and managing area access, categorizing and storing information assets and handling their movement, managing clean desk and clean screen policies in addition to passwords, managing memory devices when taken off company premises, disposals including deletion and physical disposal, signing pledges, and verifying safety management at contractors, as well as preventing information leakage.

The committee’s priorities are to revise Group-wide rules pertaining to information devices (computers, smart devices) used while working remotely for which demand rose during the COVID-19 pandemic, and to put in place network security systems (internet connection, device security, asset management, user management) spanning the Group.

They also organize Exeo-SIRT*, the dedicated team for actions to address information security, and gather information on security vulnerabilities, monitor cyberattacks and trouble, take actions based on the results of analyzing obtained information, and formulate procedures for those actions.

*Exeo-SIRT: Abbreviation of Exeo Group Security Incident Response Team

Training & development

Training & development on information security and personal information protection is conducted annually, for all Group employees, at each division. In this training we offer learning through repetition, featuring explanations with case examples on the “ten basic tenets of preventing information leaks” covering topics such as the importance of protecting information, the roles and responsibilities of each employee, the results that can be anticipated if an incident or accident is caused, and security measures.

Additionally, the Group conducts mock exercises to respond to targeted email attacks, and various security checks.

Number of information security training attendees

2021 2022 2023
15,505 20,861 20,614

Protecting personal information

The Company engages in a broad range of business operations and handles a large amount of personal information in the process of carrying out these operations. In the recognition that appropriately managing such information is a corporate social responsibility, we are promoting efforts to ensure the protection of private information under the Privacy Policy.
In response to the Amended Act on the Protection of Personal Information which took effect in April 2022, we reviewed and enhanced our privacy management measures by revising in-house rules, taking an inventory of personal information held, and reviewing the management of records concerning the provision and receipt of personal information.
To ensure the continued protection of personal information in an appropriate manner, we have continually updated our certification of the Personal Information Protection Management System.

Contact point for inquiries about our privacy policy and handling of personal information

Relevant pages