JA
JA
menu
  1. HOME
  2. Information Security Policy

Information Security Policy

Purpose of Information Security

Change Group and each Change Group company deeply recognize that it is an important social responsibility to protect its information assets from conceivable serious threats, to execute measures reasonably necessary to ensure information security, and to ensure the continuity and stability of business activities. To realize these goals, we will establish the following basic policy regarding information security.

* "Change Group" refers to CHANGE Holdings, Inc. and its consolidated subsidiaries (excluding investment limited partnerships, special purpose companies, general incorporated associations, and listed subsidiaries and their subsidiaries).

Definition of Information Security

"Information Security" as used in Change Group and each Change Group company means to protecting its information assets from such threats and ensuring and maintaining the confidentiality, integrity, and availability of its information assets.

Confidentiality: Ensuring that only authorized persons can access information assets.
Integrity: Maintaining the accuracy and completeness of information assets and their processing methods.
Availability: Ensuring that necessary information assets can be accessed when needed.

Goals of Information Security

Change Group and each Change Group company will set the following as goals concerning Information Security.

  1. Ensure the confidentiality of information assets and prevent the leakage of information assets.
  2. Ensure the integrity of information assets and prevent the falsification of information assets.
  3. Ensure the availability of information assets and keep necessary information assets in a state where they can be used when needed.
  4. If an information security incident occurs, implement rapid recovery and recurrence prevention measures to minimize damage.

Scope of Application

Change Group and each Change Group company will manage all information assets they hold based on this policy.
Additionally, officers and employees of Change Group will understand and comply with this policy and related regulations and, when outsourcing operations, conclude contracts stipulating that operations be conducted in compliance with this policy.

Information Security System

Change Group will appoint a "Group Information Security Chief Administrator" as the person responsible for Information Security, and each Change Group company will appoint an "Information Security Officer" as the person responsible for Information Security at each Group company. Furthermore, to deliberate on important matters concerning Information Security in Change Group and to implement each measure, we will establish the "Group Information Security Committee" headed by the Group Information Security Chief Administrator under the Board of Directors of CHANGE Holdings, Inc.

Implementation of Risk Assessment Concerning Information Security

Change Group and each Change Group company will establish and maintain an information security management system in line with the organization's strategic risk management. Additionally, we will conduct risk assessments concerning confidentiality, integrity, and availability of information assets, threats to information assets, and information security vulnerabilities, and implement appropriate risk reduction measures against high risks.

Compliance with Laws and Regulations Concerning Information Security

Officers and employees of Change Group must comply with laws and guidelines related to Information Security, including the Copyright Act, the Act on the Prohibition of Unauthorized Computer Access, and the Act on the Protection of Personal Information.

Education Concerning Information Security

Change Group and each Change Group company will ensure this policy is fully known to their officers, employees, and contractors, and continuously offer education necessary to maintain Information Security.

Ensuring Business Continuity

Change Group and each Change Group company will take necessary measures to minimize damage and ensure business continuity in preparation for business interruptions caused by disasters, failures, and other unforeseen incidents.

Continuous Improvement of Information Security

Change Group and each Change Group company will conduct internal audits periodically or as needed to verify that Information Security is being maintained. Additionally, we will perform timely reviews in response to environmental changes such as information system changes and new information security threats, thereby continuously improving Information Security.

Disciplinary Action for Violations

Officers or employees who violate this policy and related regulations will be subject to disciplinary action or other punishment in accordance with the regulations of Change Group and each Change Group company.

Date of Enforcement: October 1, 2025
CHANGE Holdings, Inc.
Representative Director, Executive Officer & President, Hiroshi Fukudome

* This policy is a common policy of Change Group and is being applied by our consolidated subsidiaries (excluding investment limited partnerships, special purpose companies, general incorporated associations, and listed subsidiaries and their subsidiaries).