About Us

1.Fundamental Concept and Purpose

The Toa Reinsurance Group (the “Group”) recognizes that one of its top priorities in business administration is to appropriately manage and protect its information assets to live up to the trust of our clients and society toward fulfilling the Mission Statement of “Providing Peace of Mind.”
Based on this recognition, the Group establishes this Policy as its highest-level basic policy for information security for the purpose of protecting the information assets it holds from risks such as leakage, tampering, theft, and loss.
The Group will regularly review this Policy to maintain the appropriate management and protection of its information assets.

2.Definition of Information Assets

“Information assets” mean all the information held and managed by the Group, including information on clients and the Group’s officers and employees, as well as devices and equipment used to handle such information.

3.Risks to Information Assets

The Group recognizes that there are three types of threats (risks) to information assets.

• Technological threats: The threat (risk) that information assets may be leaked out, destroyed, or tampered with through programs or systems
• Human threats: The threat (risk) that information assets may be leaked out, lost, or tampered with by people
• Physical threats: The threat (risk) that systems may be physically damaged

4.Management Structure and Compliance System

Recognizing the risks to information assets, the Group will establish internal regulations that address these risks to prevent them from materializing, minimize the potential impact from materialized risks, and expedite recovery from such impact. The Group will appropriately manage and deal with these regulations by placing them under the responsibility of the officer of the department in charge of each regulation (or the officer in charge of subsidiary operations if negotiations, adjustments, and other activities related to regulations established by a subsidiary are involved).
To ensure the protection of information assets it holds and manages, the Group will also strive to improve information security literacy among its officers and employees through education and awareness activities.
When outsourcing operations to external parties, the Group will establish a structure through which it verifies the appropriate implementation of the outsourced operations.

5.Basic Principles of Action for Officers and Employees

The Group’s officers and employees shall understand the importance of information assets and comply with the relevant laws and regulations, and the Group’s policies and regulations, including those for the appropriate handling and security management of information assets. The Group’s officers and employees shall not use information assets for private purposes.