Information Security

Basic approach

The AEON delight Group has positioned "Responding to the Risks of the Information Society" as one of our Materiality issues, and we are committed to continuously maintaining and improving our level of information security.
To ensure information security and the protection of personal information, we are strengthening information security for personal information and information assets entrusted to us by our stakeholders in accordance with the AEON delight Group Information Security Management Regulations and the Regulations on Protection of Personal Information.

Basic Policies on Information Security

Based on its Basic Principles of “Pursuing peace, respecting humanity, and contributing to local communities, always with the customer’s point of view as its core,” Aeon recognizes the importance of information security and is committed to protecting important information from various threats to contribute to a secure and prosperous life. We believe that the information we hold is an important asset for conducting our business activities and creating added value, and we will manage it properly and securely to build solid relationships of trust with our customers, local communities, business partners, shareholders, and other stakeholders of Aeon.
To make this happen, we have established the following Basic Policies on Information Security as a guideline to ensure that all Aeon employees have a high degree of awareness regarding information security and take action accordingly.

Management system

In accordance with the IT Governance Guidelines, the AEON Group has established a hierarchical governance system with Aeon Co., Ltd. at the top. Based on the AEON Delight Group Information Security Management Regulations, we set an information security system for the entire AEON Delight Group, including all domestic and overseas Group companies, and established the following management system.

With the Executive Officer Chief Manager of IT as the AEON Delight Group's Chief Information Security Officer,we hold Information Security Committee meetings to decide on measures to strengthen information security and promote company-wide implementation of these measures.

In addition to identifying and assessing risks related to information security and implementing countermeasures, we monitor information security through internal audits. Furthermore, the AEON-CSIRT*, a specialized team established by the AEON Group to respond to security incidents,is working to build a system to enhance responses to the increasingly sophisticated cyber-attacks that may affect business continuity.

*Cyber Security Incident Response Team

Organization chart

Key Initiatives

Education for employees

We provide information security and personal information protection training for all AEON delight employees via e-learning once a year to educate them about our policies, information breach incidents, and safety management measures to be taken by each and every employee. In addition, the AEON Group has prepared an Information Security Handbook, which sets forth rules for initial response and reporting in the event of a virus attack, as well as basic security rules for normal times, and we distribute this handbook to our employees. Furthermore, we strive to improve employee security literacy through rank-specific training for new employees and newly appointed managers, and by regularly disseminating news, including measures against targeted e-mail attacks, support fraud, and raising awareness of standards for handling external storage media.

From FY2022, we began offering a DX training program aimed at acquiring the IT Passport to approximately 500 full-time employees in their 20s, which has helped them acquire basic knowledge of information security, among other things.

Protection of personal information

We have established the Personal Information Protection Policy, Privacy Policy, and AEON delight Group Regulations on Protection of Personal Information, and have implemented appropriate safety management measures to protect the personal information that we possess.
We announce any changes to the Personal Information Protection Policy/Privacy Policy on our website and properly obtain the consent of the individual to whom the information pertains when required by law. In addition, each department conducts an annual inventory of the personal information management ledger to list the status of personal information, conducts risk analysis, confirms and corrects safety management measures, and deletes personal information that no longer needs to be retained.