The MS&AD Insurance Group will observe the laws and regulations for information security, and will continuously implement measures to strengthen information management. These measures include setting internal rules, upgrading system security, conducting thorough information management training for staff and agents, and taking steps to mitigate the risk of information leakage.
In order to proactively strengthen information security management across the entire Group, we have established the "MS&AD Insurance Group Information Security Management Basic Policy."
In light of the importance of protection for personal information, and in the interest of compliance with related laws and regulations as well as proper handling of customer information, we have formulated the "MS&AD Insurance Group Basic Policy for Management of Customer Information" and the "MS&AD Insurance Group Basic Policy for Shared Use of Customer Information".
The holding company appoints the Group Chief Information Security Officer (CISO) to build a framework and enhance information security management. The MS&AD Group maintains a framework to detect threats to information assets and always understands changes in the external environment, such as those related to cybersecurity, to ensure information security and respond to emergencies quickly.
In accordance with the "MS&AD Insurance Group Basic Policy for Management of Customer Information", the domestic insurance companies in the Group determine guidelines and internal rules related to information management, and institute security initiatives. They also plan and operate programs for the education of employees and agents, and perform related checks and monitoring. In addition, they make arrangements for response in the event of incidents such as information leaks, take steps for prompt post-incident correction and recurrence prevention, and otherwise work for appropriate handling in this respect.
The holding company monitors the status of arrangements for information security management at domestic insurance companies in the Group, and reports its findings to management. In addition, it applies the findings of its monitoring activities in its efforts to reinforce arrangements for information security management in the entire Group, through steps such as sharing of know-how with and provision of requisite support to domestic insurance companies in the Group.
The holding company and the domestic insurance companies in the Group have formulated privacy policies covering various items related to the handling of customer information, including a declaration of commitment to compliance with related laws and regulations, appropriate acquisition, and limitation of the purposes of use. They have disclosed these declarations on their respective websites.
In case of any misconduct or violation committed by board members and employees, the Company implements disciplinary actions in accordance with the employment regulations. Disciplinary actions may be disclosed internally as a means of raising awareness and caution. Furthermore, depending on the nature and severity of the violation, it may have an impact on the compensation of board members and employees.