NTT Digital, INC. (hereinafter referred to as the “Company”) recognizes that appropriate information management is an important task when operating a business, and it will comply with the Information Security Policy and the separate「Privacy Policy」as Company guidelines in its efforts concerning information security so that customers can use the Company’s services with peace of mind.
The information assets that the Information Security Policy applies to include information obtained or learned in the course of the Company’s business activities and all information that the Company holds for operational purposes.

1.Constructing an information security management regime

The Company shall construct a regime capable of promptly implementing information security measures by establishing an information management committee and stationing a chief information security officer in each body in order to protect and appropriately manage all the information assets that it holds.

2.Stationing a Chief Information Security Officer

The Company shall station the chair of the information management committee as the Chief Information Security Officer (CISO) in order to protect and appropriately manage information assets.

3.Developing internal regulations

The Company shall develop internal regulations concerning information security and thoroughly ensure that everyone in the Company is aware of clear guidelines and rules for protecting and appropriately managing information assets.

4.Developing and strengthening the audit regime

The Company shall conduct information security audits regularly and as necessary and strictly punish any breaches in order to check that the various laws and regulations relating to information security, norms relating to information security formulated by government bodies and industry groups, internal regulations and rules, and the like are being complied with and are functioning effectively in the performance of operations, in order to appropriately manage information.

5.Appropriate information security measures

The Company shall implement security measures from the perspective of organizational, physical, technical, and human safety management measures to prevent improper access, destruction, information leaks, alteration, and other accidents pertaining to information assets before they occur, and shall continually improve them by making revisions and adapting to changes as necessary when technical or social needs arise.

6.Raising information security literacy

The Company shall provide ongoing education and training to raise information security literacy among all employees and to put into place the appropriate management of the Company’s information assets.

7.Strengthening management regimes at outsourcing vendors

When the Company outsources Company operations, it shall fully examine the competency as an outsourcing vendor and demand that security levels at least as high as the Company’s be maintained. Furthermore, it shall regularly audit the outsourcing vendor to check that the vendor is appropriately maintaining these security levels.

8.Making ongoing improvements

The Company shall make ongoing improvements to information security management by regularly evaluating and reviewing the above activities.