Sekisui House Group Information Security Policy

Sekisui House, Ltd. (hereinafter, “SHL”) has established the “Sekisui House Information Security Policy”, based on the recognition that the safe protection, management and appropriate use of information assets are important responsibility to meet the trust of customers and other stakeholders of SHL and its consolidated subsidiaries (Collectively hereinafter, “SHL Group”).

1. Scope of application
   This Policy applies to confidential or sensitive information and information systems such as computers and networks (hereinafter, the “Information Assets”) used in SHL Group business operations.
2. Management structure
   The Information Security Committee established under the Risk Management Committee (a consultative body to the Board of Directors in SHL) supervises and manages SHL Group information security, and applicable departments in SHL Group are fully responsible to implement information security measures for SHL Group information security systems in accordance with the policies instituted by the Information Security Committee.
3. Developing information security-related policies and guidelines
   SHL Group establishes necessary policies and guidelines regarding protection, management and use of Information Assets (hereinafter, “Information Security-Related Policies and Guidelines”) in accordance with this Policy.
4. Compliance
   SHL Group complies with the related, applicable laws and regulations, this Policy, and Information Security-Related Policies and Guidelines in protection, management and use of Information Assets.
5. Information security risk management
   SHL Group conducts risk assessments regularly and implements physical, technical, personnel and organizational measures as necessary to respond to changing information security risks.
6. Information security training
   SHL Group regularly provides educational trainings for our Board of Directors, Officers and employees in order to increase their information security literacy as well as to spread awareness of Information Security-Related Policies and Guidelines.
7. Appropriate management of our subcontractors
   When SHL Group provides third parties with our Information Assets in outsourcing all or part of our operations to the third parties, we ensure they comply with our applicable information security guidelines and may conduct audit and inspection, whenever necessary, to observe their information management.
8. Information security audit
   SHL Group ensures that our information security management remains in compliance with the related, applicable laws and regulations, this Policy, and Information Security-Related Policies and Guidelines, through regular information security audits to verify the efficiency and effectiveness of our information security management.
9. Cyber security management
   To address increasing cyber security risks, SHL CSIRT* responds to and implements countermeasures in cooperation with the Information Security Committee and applicable departments. When an information security incident occurs, SHL CSIRT will provide prompt solutions to the incident in cooperation with information security agencies when necessary.
10. Continuous enhancement of information security management
    SHL Group regularly reviews the status of our information security activities and secures the efficiency and effectiveness of our information security management system by continuously enhancing our information security management in response to the results of information security audits.