Supplementary Explanations

15.1 Ensuring information security
It is necessary to prevent issues such as information leaks, falsification, and system shutdowns caused by cyberattacks, including malware and inducements to malicious websites through targeted e-mails. The damages will not simply end at the company, as there is a possibility that the attackers will use the customer or partner company information they have obtained to broaden the scope of their targets.
It is important to draft plans for quick recovery in the event of a cyberattack. For example, backing up important data is one such countermeasure.

15.2 Protecting personal information
Compliance with local laws and regulations on personal information, and careful handling of the personal information of suppliers, customers, consumers, and employees is necessary. Personal information must only be collected, stored, processed, transmitted, and shared within the scope required to achieve its specified purpose. In Japan, the main law that addresses this matter is the Act on the Protection of Personal Information.

15.3 Preventing leakage of confidential Information
Confidential information generally refers to information disclosed through documents (including data recorded magnetically or optically) that are agreed upon to be confidential, or information disclosed orally after a notice of confidentiality has been issued.
An appropriate framework and management system is required for managing both the company’s own confidential information and that received from third parties. This includes defining information management levels and employee training.