Social

Information Security

Basic Approach to Information Security

mixi Group aims to create new value by developing businesses with a focus on Internet media. To this end, we recognize that it is our social responsibility to handle information appropriately and safely. While ensuring that information is not leaked (confidentiality), not tampered with (security), and is always available (availability), we are striving to maintain and improve information security for the normal maintenance of information assets.

Information Security Management System

mixi Group has established an information security management system to respond to the constant change in security risks in a holistic and speedy manner. The Risk Management Committee, the Personal Information Protection Management System (PMS) Department, and the Information Security Division all work in coordination, are headed by a director, and share major risks and incidents with the Board of Directors. The Risk Management Committee identifies, evaluates, and proposes responses to cross-organizational risks and summarizes risk information for the Group. The PMS Department operates the Personal Information Protection Management System. The Information Security Department works to prevent information security incidents from occurring during times of normal activity and operates the "mixirt" incident response team. As an internal CSIRT*, "mixirt" has established a system for the early detection of incidents and rapid and accurate emergency responses. In addition, companies affiliated with mixi and mixi Group are working to enhance information security management for the entire Group by collaborating with mixi.

* CSIRT: Computer Security Incident Response Team

Information security chart

Personal Information Protection Initiatives

mixi Group considers the management of personal information to be an important part of its business operations as a means to prevent not only external leakage of personal information, but also the inappropriate use and falsification of such information. To this end, we strictly manage our businesses' workflows and follow regulations related to the handling of personal information, and are proactively working to protect personal information and abide by related laws and company guidelines with initiatives including thorough in-house training for all Group employees.

In addition, the servers that store personal information are strictly managed in a data center with 24-hour security equipment, and access to this personal information is strictly managed, being limited to certain employees.