Information Security
Information Security
MARUI GROUP's Information Security Framework
MARUI GROUP views strengthening Groupwide information security to protect customers' information and other information assets from unauthorized access, cyberattacks, and other threats as being among the most important tasks for management. Risk management pertaining to MARUI GROUP's IT systems is overseen by the Compliance Promotion Board, which is chaired by the president and representative director of MARUI GROUP, as one facet of Groupwide governance. In addition, the Company established the Information Security Committee in June 2018 and appointed the CSO to serve as the highest-level authority on security responsible for managing and protecting Groupwide information assets. The CSO coordinates with the CIO, who is the highest authority responsible for managing Groupwide IT systems. In the event of a major information security incident, the head of the division that detects the incident will report to the chairperson of the Information Security Committee and the CSO. The chairperson will then report to the CIO, and the CSO will issue a report to the president and representative director of the Company when necessary. The CSO will also be responsible for assembling a specialized team to address the incident. Furthermore, MARUI GROUP systematically recruits and develops the human resources necessary for implementing Groupwide information security measures and provides education on information security to officers and employees to promote awareness. In addition, thirdparty information security assessments are performed by specialized institutions to help us maintain an understanding of information security systems and levels throughout the Group. We will continue to pursue improvements through regular assessments going forward.
MARUI GROUP's Information Security Framework

MARUI GROUP Information Security Policy (Abridged)
01. Purpose
The purpose of this policy is to provide guidelines for establishing and implementing information security management systems to protect the information assets of customers and of MARUI GROUP from all threats, whether internal or external, accidental or intentional, and thereby help ensure the continuity of MARUI GROUP’s business activities.
02. Basic Principles
(1) MARUI GROUP shall practice appropriate management of the information entrusted to it by individuals or
organizations during the course of its business activities while respecting the rights and interests of
these individuals or organizations.
(2) MARUI GROUP shall practice appropriate management of trade secrets, technological information, and other
valuable information acquired during the course of its business activities and protect the rights and interests
of MARUI GROUP.
(3) MARUI GROUP will engage in research and human resource development in order to work to improve information
security as it pertains to customer information and thereby gain greater levels of trust from customers and subsequently
society as a whole.