CORPORATE SITE

Sekisui House Information Security Policy

We, Sekisui House, Ltd. have established the “Sekisui House Information Security Policy”, based on the recognition that it is our important responsibility to safely protect, manage and appropriately use information assets in order to meet the trust of our customers and other stakeholders.

  1. Scope of application
    This Policy shall apply to information and information systems such as computers and networks (collectively, “Information Assets”) used in our global business operations.
  2. Management structure
    The Information Security Committee established under the Risk Management Committee, a consultative body to the Board of Directors, supervises and manages information security, and our IT Design Department is fully responsible to implement information security measures for information security systems in accordance with the policies instituted by the Information Security Committee.
  3. Developing guidelines
    We establish necessary guidelines regarding protection, management and use of Information Assets in accordance with this Policy.
  4. Compliance
    We comply with the related laws and regulations, this Policy, and applicable guidelines in protection, management and use of Information Assets.
  5. Information security risk management
    We conduct risk assessments regularly and implement physical, technical, personnel and organizational measures as necessary to respond to changing information security risks.
  6. Information security training
    We regularly provide educational trainings for our Board Directors, Officers and employees in order to increase their information security literacy and to spread awareness of the related guidelines.
  7. Appropriate management of our subcontractors
    When we provide third parties with our Information Assets in outsourcing all or part of our operations to the third parties, we ensure them to comply with our applicable information security guidelines and conduct audit and inspection, whenever necessary, to observe their information management.
  8. Information security audit
    We ensure that our information security management shall remain in compliance with the related laws and regulations, this Policy, and applicable guidelines, through regular information security audits to verify the efficiency and effectiveness of our information security management.
  9. Cyber security management
    We have formed CSIRT* to respond to and implement countermeasures against increasing cyber security risks. When an information security incident occurs, CSIRT will provide prompt solutions to the incident in cooperation with information security agencies when necessary.
  10. Continuous enhancement of information security management
    We secure the efficiency and effectiveness of our information security management system by continuously enhancing our information security management in response to the results of information security audits.

Effective Date: July 20, 2020
Approved by the Board of Directors of Sekisui House, Ltd.

Last Updated in August 2022

CSIRT stands for Computer Security Incident Response Team. It is a team dedicated to monitoring information security incidents as well as conducting investigation and analysis for causes of such incidents.