As a company that plays an important role as social infrastructure in the living environment, we regard information security as one of our top management priorities and deeply recognize our responsibility to safely protect the information assets of all our stakeholders, including our customers, employees and partners.
We have established a system based on our Information Security Policy and have implemented the following measures and initiatives.

Measures

Threats to information security are evolving day by day and the risk of cyberattacks and information leaks is increasing.
We have promoted following information security measures to address these risks.

Ensuring information security

We take all possible measures against security risks such as cyberattacks and information leaks to ensure the confidentiality, integrity and availability of its information assets.
In addition, we continuously review and improve our measures to enhance information security.

Compliance with laws, regulations and behavioral norms

We comply with laws, regulations, behavioral norms and internal rules relating to information security and maintain an appropriate management system.
We also regularly provide our employees with training on information security to raise their awareness.

Risk management

We properly assess and analyze information security risks and take measures according to the risks.
In this way, we minimize the risks and formulate a response plan in case of emergency.

Cooperation with stakeholders

We work together with our suppliers and partners to ensure information security.
We jointly assess risks and take measures to improve the overall level of security.

Incident response

We will respond promptly to any information security incident and work to prevent the spread of damage and its recurrence.
In the event of an incident, we will report the incident to the relevant authorities and provide appropriate information to stakeholders.

Based on these fundamental policies, we aim to fulfil our responsibilities as a social infrastructure service provider in the housing environment and achieve sustainable growth as a trusted company.

Operation System

We regard information security as a key management risk and the Board of Directors, the IT Committee and the Risk Management Committee, of which the latter two have information security oversight responsibility, are involved in the process of developing and evaluating information security strategies, while the Board of Directors monitors the information security strategies.

The IT Committee and the Risk Management Committee, chaired by a director, identify Information security issues, including responses to external cyberattacks, as a high-priority management risk and discuss strategies and measures to strengthen information security.

In addition, an organization specializing in security has been established within the company's Information Systems Department, which cooperates with security vendors to monitor and respond to security threats on a daily basis.
This enables rapid information linkage, decision-making and technical response to all incidents, not just security threats.

Major Initiatives

Below are some of our key initiatives.

Training

Regular training on information security is provided to all employees, also using e-Learning.
This fosters a company-wide security culture, raises security awareness and strengthens our ability to respond to information security risks.
The e-Learning courses on Information Security are conducted several times a year, with an average of 3,400 participants in FY2024, a participation rate of 94%.
We are continuing our efforts to achieve a 100% participation rate.
In addition, the targeted threat email training was conducted in FY2024.

Obtaining and maintaining ISO 27001

We have obtained and maintain ISO 27001, the international standard for information security management systems (ISMS), for our operations in our information systems department.
This certification indicates that the information security management system complies with internationally recognized standards and maintains high security standards through continuous improvement.

Technical security environment development

Security measures are implemented using the latest technology.

• Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR): both provide enhanced endpoint protection and monitoring, enabling rapid detection and response to malware and unauthorized access threats.
• Attack Surface Management: through the management of the attack surface area, vulnerabilities are made visible and risks are mitigated to enhance security.
• Network monitoring: 24/7 network monitoring is in place to detect abnormal activity in real time for prompt response.