Basic Information Security Policy

 

 

Asahi Broadcasting Group Holdings Corporation

Effective as of April 1, 2018

 

Asahi Broadcasting Group Holdings Corporation (“Company”) is a certified broadcasting holding company overseeing a group of companies (“Group”) whose core businesses are terrestrial television and radio broadcasting.

 

Both the Company and Group members share a common belief that “information” is a critical asset. We recognize the proper management, retention, dissemination and provision of information to society are fundamental to the Group’s continued existence. To safeguard the information held by any member of the Group against loss, misuse, leakage, and other threats, and to fulfill our corporate social responsibility while reinforcing the trust of TV viewers, radio listeners, and all other stakeholders, we have established the following Basic Information Security Policy.

 

1. Establishment of a Framework

The Company and Group members shall cooperate appropriately to establish an organization and framework to maintain, manage, and operate information security at each Group company. The Company shall appoint its Director in charge of compliance as the chief supervisor of information security for the entire Group and establish the Information Security Committee under the chief supervisor. At the same time, each Group member shall appoint a dedicated department and specific individuals to oversee information security, clearly defining responsibilities within the organization.

 

2. Regulatory Compliance and Formulation of Rules and Procedures

The Company shall comply with laws, national guidelines, and other regulations related to information security, and shall establish rules and procedures that clearly define for the management of information and information systems.

 

3. Countermeasures against Attacks

To protect information from external attacks and other threats, the Company shall implement necessary measures, including security controls for information systems.

 

4. Education and Awareness Raising

The Company shall provide adequate education and training to raise awareness of information security ethics among officers and employees of each Group member, along with all other parties involved in the Group’s business operations.

 

5. Emergency Response

The Company shall establish an emergency response plan to enable prompt action in the event of an information security incident, including information leakage.

 

6. Inspection and Audit

The Company shall regularly conduct inspections and audits of the content and compliance levels of the Basic Information Security Policy and related rules and procedures to ensure continuous improvements.