1. Home
  2. Corporate Information
  3. Corporate Governance
  4. Information Security

Information Security

As of June 20, 2019

MARUI GROUP's Information Security Framework

MARUI GROUP views strengthening Groupwide information security to protect customers' information and other information assets from unauthorized access, cyberattacks, and other threats as being among the most important tasks for management.

Risk management pertaining to MARUI GROUP's IT systems is overseen by the Compliance Promotion Board, which is chaired by the president and representative director of MARUI GROUP, as one facet of Groupwide governance. In addition, the Company established the Information Security Committee in June 2018 and appointed the CSO to serve as the highest-level authority on security responsible for managing and protecting Groupwide information assets. The CSO coordinates with the CIO, who is the highest authority responsible for managing Groupwide IT systems.

In the event of a major information security incident, the head of the division that detects the incident will report to the chairperson of the Information Security Committee and the CSO. The chairperson will then report to the CIO, and the CSO will issue a report to the president and representative director of the Company when necessary. The CSO will also be responsible for assembling a specialized team to address the incident.

Furthermore, MARUI GROUP systematically recruits and develops the human resources necessary for implementing Groupwide information security measures and provides education on information security to officers and employees to promote awareness. In addition, thirdparty information security assessments are performed by specialized institutions to help us maintain an understanding of information security systems and levels throughout the Group. We will continue to pursue improvements through regular assessments going forward.

MARUI GROUP's Information Security Framework

MARUI GROUP Information Security Policy (Abridged)

  • 1. Purpose

    The purpose of this policy is to provide guidelines for establishing and implementing information security management systems to protect the information assets of customers and of MARUI GROUP from all threats, whether internal or external, accidental or intentional, and thereby help ensure the continuity of MARUI GROUP’s business activities.

  • 2. Basic Principles

    • (1) MARUI GROUP shall practice appropriate management of the information entrusted to it by individuals or organizations during the course of its business activities while respecting the rights and interests of these individuals or organizations.
    • (2) MARUI GROUP shall practice appropriate management of trade secrets, technological information, and other valuable information acquired during the course of its business activities and protect the rights and interests of MARUI GROUP.
    • (3) MARUI GROUP will engage in research and human resource development in order to work to improve information security as it pertains to customer information and thereby gain greater levels of trust from customers and subsequently society as a whole.