HOME   >   Information security policy

About Information Security Policy

Introduction

BOOKOFF Group Holdings Limited and its subsidiaries (hereinafter referred to as the “Group”) utilize information systems in their business activities and aim to achieve sustainable growth through their reuse-based business operations, while contributing to a circular economy.
In recent years, the environment surrounding information systems has faced increasing risks, including not only software and hardware failures, but also increasingly sophisticated cyberattacks, computer virus infections, and leakage of personal information. The Group recognizes that responding to these threats and appropriately protecting information assets is a critical management issue.
Accordingly, the Group establishes this Information Security Policy, which includes cybersecurity, and ensures it is communicated to all officers, employees, and relevant stakeholders, in order to maintain a safe and reliable information system environment.

Article 1. Basic Policy

The Group positions information security as one of its key management priorities and implements appropriate protection and management of information assets through the establishment of a management framework and education for officers and employees. The Group also ensures the allocation of necessary management resources, including budget and human resources.

Article 2. Risk Management and Continuous Improvement

The Group appropriately identifies information security risks, formulates and implements risk response plans, and continuously improves its information security measures based on the PDCA (Plan–Do–Check–Act) cycle.

Article 3. Incident Response and Business Continuity

The Group establishes an incident response framework and develops business continuity and recovery systems to minimize damage and enable prompt recovery in the event of an incident.

Article 4. Supply Chain Management

The Group assesses the information security posture across the entire supply chain, including business partners and contractors, and implements necessary risk response measures.

Article 5. Education and Awareness

The Group continuously provides education and training on information security to officers, employees, and relevant stakeholders in order to enhance awareness and understanding.

Article 6. External Collaboration

The Group actively collects information related to information security and promotes multi-layered security measures through collaboration and cooperation with external organizations and related companies.

Article 7. Compliance with Laws and Regulations

The Group complies with laws, regulations, and contractual obligations related to information security.

Scope of Application

This Policy applies to all officers and employees of the Group, as well as all individuals engaged in business operations on behalf of the Group.

Supplementary Provisions

This Information Security Policy shall come into effect on June 1, 2026.
© BOOKOFF GROUP HOLDINGS.All Rights Reserved.