Information security

Our approach to information security

The Recruit Group provides opportunities for customers (consumers) and clients (advertisers) to come together and discover Opportunities for Life through various media, including magazines, the Internet, smart devices, and mobile devices, as well as events, counter services, and other activities.

In our service operations we handle large amounts of customer and client information. Protecting personally identifiable information as required by law and guarding confidential information that benefits clients are therefore ongoing priorities.

Systems and mechanisms

The Security Management Office and Internal Control Office work together to manage information across the entire Recruit Group.

An information management officer is also assigned at each Group company to manage information at that company, and a system has been built to monitor efforts at each company and implement measures rapidly as needed for the entire Group.

Our approach to information management

Demonstrate purpose of use and obtain approval

To responsibly handle the information we are entrusted with so that customers and clients can use our services with assurance, the Recruit Group has instituted information management rules based on its Code of Ethics with these three tasks as basic principles.

Code of ethics

Personal information protection policy

At the Recruit Group we handle large amounts of customer and employee data in our business operations. We have established a policy for handling personally identifiable information based on our Code of Ethics.

Personal information protection policy

Educating employees on information management

The Recruit Group trains employees in the management of information.

A yearly compliance test given to employees to ensure that they understand the rules and systems for handling information. Last year we also introduced a security test and other means to enhance our training with respect to the handling of personal information.

Other information management training is given as needed in each company. For example, separate training on the handling of personal information is given to employees involved in media relations, while training on the management of information from the viewpoint of systems is given to employees involved with systems.

To raise employee awareness we also post announcements (posters, monitors, distributed materials) within the company and distribute card cases, cellphone straps, and other items to all employees with "Kagi (key)-chan," a lock-themed character, as a motif to keep information management in everyone's thoughts.

Kagi (key)-chan

Acquisition of the privacy mark

Each company in the Recruit Group manages personal information strictly and is encouraged to obtain the Privacy Mark.

Establishment of Recruit-CSIRT and affiliation with the Nippon CSIRT Association

The Recruit Group founded the Recruit Cyber Security Incident Response Team (Recruit-CSIRT) in April 2015. This is a system response team centered on the Security Management Office to deal with security incidents. At that time we registered as a member of the Nippon CSIRT Association. *1 We continue to strengthen our security measures while exchanging security-related information both within the company and with other companies as well.

*1 A CSIRT (computer security incident response team) is a body tasked with addressing computer security-related incidents, including accidents and emergency situations. Companies and other organizations establish their own CSIRTs and constantly gather and analyze incident-related information, vulnerability information, and attack indication information and establish response policies and procedures.