Information Security
In accordance with our Information Security Declaration, we implement information security measures to protect our information assets and aim to enhance the sophistication of our information security management.
Response to Cybersecurity
Recognizing the risk of cyberattacks as a material risk, we have designated the Chief Compliance Officer as our Chief Information Security Officer (CISO), and implement multi-layered risk management that combines defense and detection mechanisms under the leadership of our CISO.
In terms of systems, we have established the Computer Security Incident Response Team (CSIRT), an organization that conducts activities in preparation for cyberattacks in ordinary times and emergencies. The CSIRT gathers information in collaboration with external specialized organizations, and works on the development of emergency response procedures for IT systems that need to respond to the threat of cyberattacks. In addition to regular cyber drills, we conduct internal training and drills for executives and employees to continuously improve our response capabilities in the event of a cyberattack.
To carry out these activities, we have established the Information Security Committee within the Company. Management is taking the lead in promoting such measures, while working in cooperation with other companies in the Japan Post Group based on "Japan Post Group Executive Declaration on Cyber Security."
Initiatives for Protecting Personal Information
Japan Post Insurance recognizes the importance of information security management called for by society and promotes measures to protect personal information appropriately, pursuant to relevant laws and regulations.
For an internal management structure to ensure safe management of personal data, we have established and announced the fundamental policy for protecting personal information (Japan Post Insurance Privacy Policy)*1, and have also designated a Chief Information Security Officer (CISO)*2, who is in charge of the Company-wide control of information security, and other responsible personnel. In this way, we are protecting and handling personal information in an appropriate manner.
In addition, we have included information on protecting personal information in our compliance rules and manuals. We have also selected information on personal information protection to include in our annual compliance promotion practice plan, and conduct various training sessions in accordance with the plan.
If personal information is leaked, we will take appropriate actions based on our disciplinary rules, etc. We will also take measures to prevent a recurrence.
The Internal Audit Department conducts off-site monitoring to check the status and operations of compliance with the fundamental policy for protecting personal information.
- (*1)
- The Japan Post Insurance Privacy Policy applies to all of the Company's operations, including those of our contractors.
- (*2)
- The Chief Compliance Officer (CCO) acts as the Chief Information Security Officer (CISO).