Information Security

CCC establishes security policies to protect the information assets of customers and stakeholders, and to ensure the continuity of business operations. We strive to manage and operate various information assets accordingly.

Security Policy

Culture Convenience Club Co., Ltd. (“the Company”) recognizes the importance of protecting information assets including personal information. We strive to use and manage such assets appropriately and ensure their accuracy and safety.

1. Establishment of Security Management System
   The Company develops roles and structures to ensure appropriate protection of information assets and a safe work environment. A security manager is appointed to implement security measures and policies. If a security incident occurs, we promptly investigate the cause, minimize the impact, and work to prevent recurrence.
2. Compliance with Laws and Regulations
   The Company complies with applicable laws and regulations, and rigorously follows internal rules and policies.
3. Development of Internal Security Regulations
   Based on this policy and our personal information protection policy, we maintain internal regulations and ensure that clear security rules are well understood throughout the organization.
4. Security Education
   We continuously provide necessary education to ensure that employees and staff are aware of security, appropriately handle information assets, and conduct operations safely.
5. Implementation of Security Measures
   We establish and implement security measures from multiple aspects—human, organizational, institutional, technical, and physical—to protect information assets from natural disasters, unauthorized access, tampering, destruction, information leaks, loss, and theft.
6. Improvement of Security Activities
   We improve our security activities based on identified issues from security evaluations, changes in the internal and external environment, and security trends.
7. Management of Outsourced Contractors
   We select contractors capable of meeting our security requirements and regularly evaluate their adherence to our security rules during the outsourcing period, making adjustments if necessary.
8. Understanding of External Environments
   If personal data is stored overseas, we ensure that safety measures are implemented based on an understanding of the personal data protection laws and regulations of the relevant countries or regions.

Established: April 1, 2022

Establishment and Role of the Security Committee

• We have established a "Security Committee" to promote information security across our entire group.
• The Chief Information Officer (CIO), who is responsible, approves strategy planning and policy implementation, and works in collaboration with the IT and Security departments within our group to carry out security measures and cyber threat countermeasures.
• We regularly report to management on the identification of information security risks and the corresponding response measures, striving to enhance security awareness throughout the organization and strengthen the risk management framework.

Organizational Chart for Information Security

CCC has established the following framework for security.

Incident Response

In the event of an incident or emergency, the Incident Response Team promptly shares information with internal and external stakeholders and responds according to established procedures.

Education, Awareness, and Monitoring Activities

• We conduct information security training for employees to raise awareness.
• We regularly publish a security newsletter for employees, incorporating the latest topics to improve information literacy.
• Internal audits are conducted to ensure information is properly protected.
• We have established a system for detecting and responding to security threats.

Back to Corporate Governance Top