HOME > About Us > Governance > Information Security

Information Security

Last Updated: 2020.02.14
to Japanese page

Information Security

As our operations continue to expand globally, our proportion of online sales continues to rise, and individual countries' rules surrounding the protection of personal information become increasingly strict, we are acutely aware of the importance of strengthening and thoroughly implementing Information Security frameworks across the Fast Retailing Group. The information shown below details the policy, initiatives and framework created by the Fast Retailing Group. Where applicable, the Fast Retailing Group and specific Fast Retailing Group subsidiaries also implement additional policies and procedures to comply with all relevant laws in their jurisdictions.

Information Security Initiatives

As a company that values the trust of all its customers, business partners, shareholders, regional societies and other stakeholders, we consider the safe use and protection of all Information Assets* to be our social duty and an area of utmost importance that all officers and employees must strive to uphold. We seek to ensure the appropriateness, effectiveness and efficiency of our business operations by strengthening and thoroughly implementing Information Security frameworks. We also apply our Group Information Security Basic Regulations which set out the fundamental rules that must be observed to maintain and improve corporate value and social credibility. We encourage broad awareness of this policy through training and our Information Security portal.

*Non-public information necessary to the business operations of the Fast Retailing Group that poses risk of damage to the Group if disclosed, leaked, lost or compromised.

Content
1. General provisions
  • Basic rules that apply to all officers and employees regarding the use and protection of all Information Assets to ensure the appropriateness, effectiveness and efficiency of business operations through Information Security.
2. Organizational structure
  • Information Security-related organizations and responsibilities.
3. Duty of officers and employees
  • The fundamentals of maintenance and enhancement of Information Security and rules on the handling of all Information Assets.
4. Physical and technical measures
  • Physical measures for protecting Information Assets, technical measures for protecting digitalized Information Assets and handling information devices.
5. Vendor management
  • When outsourcing the handling of Personal Information or Highly Confidential Information, rules surrounding the selection of third parties, the forming of contracts, and the managing of vendors across all processes during and after the contract period.
6. Response to incidents
  • In the event of an incident, all officers and employees shall follow the instructions issued by the Chief Security Officer (CSO). The CSO may launch an incident response team if required. Additional response measures including the timely submission by the Information Security Office (ISO) of pertinent reports to the authorities responsible for Information Security incidents in individual countries and regions.
7. Response to violations
  • Measures to be taken in the event of an officer or employee infringing any of the items determined in these basic rules or other relevant documents.

These basic regulations apply to all officers and employees regardless of whether they work in our head office or in our stores. The rules are reviewed and revised as necessary to reflect and account for any changes in circumstances surrounding recognized Information Security practices and industry standards, applicable legal requirements or any requirements relating to the operation of our business.

Information Security Framework

At Fast Retailing, our company president appoints a Group Chief Security Officer (CSO) as the vice president and executive officer with authority over and responsibility for information management. We have also set up an Information Security Office (ISO) under the jurisdiction of the CSO, and strive to further strengthen and thoroughly implement our Group-wide information management frameworks.

Our Board of Directors includes members with specialist IT and Information Security experience, so the Board is adept at discussing, making decisions and issuing instructions whenever necessary on policy direction and measures regarding Information Security-related risks and countermeasures. Our Risk Management Committee, which operates under the direct jurisdiction of the Board of Directors, is made up of internal and external directors and executives from relevant departments. The Committee determines Information Security risks and receives reports on Information Security initiatives and their implementation. It offers advice and counsel to the Board on future policy initiatives and the proposal and implementation of concrete Information Security measures.

To further strengthen and consolidate our Groupwide Information Security, we appoint security coordinators to our Legal Affairs and IT departments. We also appoint Information Security Evangelists in each department to responsibly maintain and improve security in all Fast Retailing departments, and work together with the Information Security Office to offer proactive practical Information Security training.

Information Security Framework

• Precautionary Measures and Prompt Response to Incidents
Fast Retailing clearly distinguishes the Information Assets that need to be protected and implements measures to prevent information breaches. In the event of an Information Security related incident, the relevant departments, including the department in which the incident took place, the IT, Legal Affairs, Public Affairs, Customer Service, and Sales departments, work together to implement a prompt response under the direction of our CSO. We work to rapidly determine and implement appropriate new measures based on the cause of an incident to prevent a reoccurrence. We also ensure timely disclosure of information regarding any incident or security breach in accordance with the relevant regulations.

Strengthening Cyber Security Measures

Fast Retailing uses the latest digital technology and information technology to help us become a digital consumer retailing company with rapid and efficient clothes-making processes across all stages; from planning through production, distribution and retail. With cyber attacks becoming increasingly sophisticated and skillful, we have made the strengthening of our cyber security measures an important company priority, and are putting preventive measures in place under the supervision of the CSO to lower the threat of cyber attacks on our digital and information technologies. We strive to improve cyber security measures by reviewing the security of our business processes when employing these technologies, reviewing security in our design and development processes, commissioning vulnerability diagnoses by third-party institutions, monitoring for fraudulent access after a new technology is introduced, and addressing vulnerabilities.

Information Security Training

Fast Retailing works continuously to strengthen training for employees, fostering a corporate culture that ensures the appropriate handling of Information Assets such as corporate confidential information and personal information.

• Training for Employees
We conduct annual e-learning Information Security training for officers and employees. We also conduct regular training sessions on how to handle phishing mails and heighten awareness of other threats to improve Information Security awareness. In addition, we hold Information Security training sessions at Group-wide meetings and individual department conferences, and offer targeted Information Security training for new head office and store employees, mid-career hires, newly-appointed store and company managers, and staff who have transferred to our head office operation.

• Practical Information Security Portal
We operate a multilingual Information Security portal for Group officers and employees. They can use the portal to check our rules and manuals whenever necessary, and read announcements on important Information Security issues and confirm incident reports and responses. Fast Retailing has also compiled an Information Security Handbook that outlines the minimum security measures that must be observed. We seek to ensure full understanding and compliance with this handbook by making it available through our Information Security portal, and promoting it through training and other opportunities.

Top of page