Basic Information Security Policy

Basic Principles for Information Security

As an information service provider, the Group aims to safely maintain and utilize internal information as well as information entrusted to us by our customers. For this purpose, we have established a policy regarding information security for the security of our clients. Based on this policy, we have established a number of regulations to ensure information security and have educated our employees to maximize the appropriate management of all information.

• To ensure that information is used according to the purpose for which it was collected, we only allow employees to access the data necessary for their positions and work to ensure that the data we store is correct and complete.
• Our policies and internal regulations comply with all relevant laws and regulations and regularly train and test our employees on information security.
• In the event of a serious issues with information security, we will promptly investigate the causes and implement countermeasures.
• We also require Group employees to submit written oaths to adhere to the rules for the handling of information.

Privacy Policy

The LIFULL Group recognizes the importance of personal information and complies with the guidelines set forth in the Personal Information Protection Law to protect this information.

• LIFULL Privacy Policy
• Privacy Policy for Hiring Purposes
• Acquisition and Use of Behavioral History Information
• Behavioral Targeting Advertising

Promotion of Information Security

Security Efforts

We have established a committee devoted to the management of confidential information to protect and improve information management within the Group. This committee is charged with the regular review and approval of information security as well as internal information sharing, warnings and instructions regarding information security to team leaders.
The leaders of each individual department are also responsible for the management of information systems within their department. We also monitor whether the structure and operation of each ISMS is functioning effectively and continue to maintain and improve information security.

Ensuring Information Security

Recognition of ISMS (Information Security Management System)

After review by a third-party organization, LIFULL and its subsidiaries have received accreditation for the international information security standard ISO/IEC 27001 and Japanese standard JIS Q 27001 since 2006. All domestic subsidiaries have adopted the LIFULL information security policies and have implemented the same management systems for information security.

Actions on Computer Security Incidents and External Data Sharing

The LIFULL Group has established a computer security incident response team (CSIRT) and is registered as a member of the Nippon CSIRT Association. We will continue to improve the Group's cyber security to prevent the occurrence of security incidents.
In the future, we will continue to collaborate not only within the Group but also with other companies to strengthen security measures. When a security incident occurs, we will take measures to minimize and converge the damage.

*1: CSIRT (Computer Security Incident Response Team) refers to a team that responds to computer security incidents. We regularly collect and analyze incident-related data, information on vulnerabilities and information regarding previous attacks to formulate response policies and other procedures.

Security Measures During Service Development

■ Actions for the Provision of Secure Services
We have established a department dedicated to reviewing the security of our services. Developers must submit applications to this department when setting the requirements for a new service.
For services which handle personal information, we limit security issues by requiring security reviews when defining the requirements for a new service. We also ensure the security of our services by conducting vulnerability diagnoses before release.

Education on Information Security

We implement regular security tests to educate and test employees on their knowledge of the data necessary for their positions and understanding of rules throughout the entire LIFULL Group. In preparation for cyber attacks, we also regularly conduct training and confirm reporting flows for incidents to ensure the vigilance and awareness and prompt responses of our employees. Our engineers also attend security training to ensure that the LIFULL Group is providing safe and secure services to our customers.