Basic Policy on Information Security
The Cosmo Energy Group Management Vision is, “Striving for an infinite tomorrow, developing sustainably in harmony with humanity, society, and our planet.” As part of our efforts to achieve this vision, we recognize information assets to be a valuable management resource. Accordingly, the Cosmo Energy Group Code of Conduct mandates that we properly handle information to fulfill our commitment as an honest corporate group. This policy is based on our Management Vision and Code of Conduct and outlines our basic approach to protecting the confidentiality, integrity, and availability of information assets utilized in the Group’s business activities against any threats.
1. Legal compliance
We comply with all relevant laws and regulations related to information security, including Japan’s Personal Information Protection Act, national guidelines, and social norms.
2. Information security management system
In order to protect and properly manage all the information assets the Group possesses, we establish the needed rules and systems to enable swift implementation of information security measures.
3. Promotion of appropriate information security measures
We identify risks related to information assets, such as unauthorized access, information leakage, and falsification, and take the measures that are necessary. In addition, we maintain a response and recovery system to address unforeseen incidents and prepare plans for rapid information system recovery.
4. Continuous improvement
We strive to improve the level of the information security continuously by regularly reviewing internal rules, employee training, security measures, as well as internal organizations and systems related to information security.
5. Communication and education
We actively share this policy with officers, employees, business partners and other stakeholders. We continuously carry out relevant training and awareness-raising activities in an effort to improve the Group’s information management system while enhancing information security literacy.
Established: February 10, 2022