MARUI GROUP's Information Security Framework MARUI GROUP's Information Security Framework MARUI GROUP's Information Security Framework

MARUI GROUP views strengthening Groupwide information security to protect customers' information and other information assets from unauthorized access, cyberattacks, and other threats as being among the most important tasks for management. Risk management pertaining to MARUI GROUP's IT systems is overseen by the Compliance Promotion Board, which is chaired by the president and representative director of MARUI GROUP, as one facet of Groupwide governance. In addition, the Company established the Information Security Committee in June 2018 and appointed the CSeO to serve as the highest-level authority on security responsible for managing and protecting Groupwide information assets. The CSeO coordinates with the CIO, who is the highest authority responsible for managing Groupwide IT systems. In the event of a major information security incident, the head of the division that detects the incident will report to the chairperson of the Information Security Committee and the CSeO. The chairperson will then report to the CIO, and the CSeO will issue a report to the president and representative director of the Company when necessary. The CSeO will also be responsible for assembling a specialized team to address the incident. Furthermore, MARUI GROUP systematically recruits and develops the human resources necessary for implementing Groupwide information security measures and provides education on information security to officers and employees to promote awareness. In addition, thirdparty information security assessments are performed by specialized institutions to help us maintain an understanding of information security systems and levels throughout the Group. We will continue to pursue improvements through regular assessments going forward.

MARUI GROUP's Information Security Framework