Security Policy

KDDI, having a mission to provide telecommunication services in a safe and stable manner, shall strive to earn the trust of its customers and related parties by handling of customer information and confidential corporate information securely as well as consistently taking appropriate precautionary measures against information leak risks. For this purpose, KDDI releases this "Security Policy" both internally and externally, and declares its intent to comply with this policy and the "Privacy Policy" (see separate document).

This Security Policy (hereafter referred to as "this policy") defines the basic policy related to information security, in order for KDDI Corporation (hereafter referred to as "KDDI") to affirm the proper management of information as an important management issue and to ensure information security.

KDDI, having a mission to provide telecommunication services in a safe and stable manner, shall strive to earn the trust of its customers and related parties by handling of customer information and confidential corporate information securely as well as consistently taking appropriate precautionary measures against information leak risks. For this porpose, KDDI releases this policy both internally and externally, and declares its intent to comply with this policy and the Privacy Policy (see separate document).

All KDDI employees, executives, and temporary personnel shall comply with this policy and the Privacy Policy (see separate document).

In order to protect and appropriately manage all of its information assets, KDDI shall regularly hold meetings of its Information Security Committee, which is comprised of top executives, and shall maintain a system that monitors the state of information security management at a company-wide level and allows prompt implementation of any security measures deemed necessary by risk analysis.

KDDI shall establish an appropriate information security system and implement physical, technological, operational, administrative, and human measures to prevent incidents involving information assets, such as unauthorized access, data destruction, information leaks, and falsification. KDDI shall also implement incident response measures that, in the event of an information security breach, provide a quick recovery and solution to problems and maintain the high reliability and continuity of KDDI's telecommunications business operations.

KDDI shall establish internal regulations based on this policy and the Privacy Policy (see separate document) and thoroughly familiarize employees with the company´s clearly defined policies and rules in order to appropriately manage its information assets.

KDDI shall make efforts to improve the information security literacy of all employees and related parties, and shall continuously implement information security education and training to ensure the appropriate management of KDDI´s information assets.

When operations are contracted in full or in part to outside companies, KDDI shall thoroughly screen the contractors to ensure competence and shall require, by contract and other means, that they maintain a level of security matching that of KDDI. In addition, to verify that this level of security is maintained, KDDI shall regularly audit contractors and review the management system.

KDDI shall endeavor to comply fully with all applicable laws and regulations, as well as rules and regulations defined by the company, and shall make every effort to appropriately manage information by severely punishing any violations.

KDDI shall conduct regular and irregular internal information security audits to confirm that business operations comply with information security laws and regulations, as well as rules and regulations defined by the company, and to verify the effective functioning of the information security system.

KDDI will continuously implement improvements to information security by building and utilizing its information security management system (ISMS) on a company-wide level.