Sustainability
Information Security and Personal Information Protection
Our Approach to Information Security
Our company is committed to the appropriate management of information assets, including our customers' personal information, based on our Information Security Basic Policy. In accordance with our Personal Information Protection Policy, we clarify the usage, acquisition, management posture, and methods related to personal information handling. We also strive to thoroughly inform each of our employees and enhance the proper protection and management of personal information.
Personal Information Protection and Management System
Under the guidance of our Personal Information Management Officer, delegated by our President and Director, we conduct comprehensive control and management of personal information based on relevant laws and internal regulations to ensure its proper handling.
Security Certifications
Our company has obtained the following security certifications:
Certification Name | Certification Department | Year of Certification |
---|---|---|
Privacy Mark | - | 2006 |
PCI DSS | Authorization System | 2011 |
PCI DSS | Web-based Systems | 2013 |
PCI DSS | Mission Critical Systems | 2018 |
PCI DSS | Data Transfer and Exchange Systems | 2020 |
ISMS | Card Issuance Operations (Operations Center in Fukuoka) | 2018 |
ISMS | Card Issuance Operations (Operations Center) | 2021 |
Information Security and Personal Information Protection Initiatives
1. Strengthening System Security Measures
Our company is continuously working to enhance system security measures. We analyze threats from the perspectives of the level of attack techniques and whether the source of the attack is internal or external, and prioritize measures accordingly.
(1) Measures Against Unauthorized Data Extraction from Within
- Restrict data export functions from internal computers and prohibit connections to USB memories and smartphones.
- Limit access to websites that could lead to information leaks.
- Enforce user rights control and compliance with password policies to regulate system access.
(2) Measures Against External Attacks
- Implement multi-layered measures such as detection and defense against unauthorized access/intrusion.
- Deploy the latest detection functions against suspicious emails containing attachments with malicious functions.
- Thoroughly inform all employees of the response procedures following the detection of suspicious emails.
2. Orico CSIRT
In response to increasingly sophisticated and complex cyber attacks and other incidents, our company has formed a security incident response team, "Orico CSIRT", and implemented the following initiatives:
- (1) Immediate response to information security incidents occurring in our information system.
- (2) Formulation and implementation of recurrence prevention measures and other necessary post-incident measures.
- (3) Cyber attack training status (2022 fiscal year)
  - Cyber attack training: Twice
3. Utilization of External Security Consultation Companies
Our company utilizes external security consulting companies to perform professional and objective evaluations of the appropriateness of our security measures and to strengthen our security measures.
4. Personal Information Protection Training
Through the following training programs for our employees, we strive to thoroughly inform and implement the protection of personal information:
- (1) Company-wide e-training (once a year)
- (2) Departmental, office, and branch unit-based training on safe management of personal information (all year round)
- (3) Personal information handling officers: 3,556 (as of March 2023)