Risk ManagementBasic Policy on Cybersecurity

Japan Securities Clearing Corporation (hereinafter referred to as “JSCC”), recognize that, with a solid risk-management framework, contributing to sustainable development of the markets by improving the efficiency, serviceability and safety of the markets as post-trade processing infrastructure is our social responsibility and we will observe all laws and regulations related to cybersecurity.
Cyberattacks are considered a significant risk by JSCC and we pursue management-led cybersecurity measures.
Recognizing that it is impossible to completely defend against cyberattacks, we will continue to improve our defenses against them and resilience (minimizing impact and accelerating recovery), while steadily promoting measures to respond to future environmental changes, such as verifying advanced technologies.

We will develop cybersecurity standards by referring to various guidelines in Japan and overseas, and promote the formulation of strategies, the establishment of structures, and the strengthening of countermeasures.
The organizations in charge of cybersecurity management and countermeasures will also be clarified and various measures implemented in a unified manner throughout the company, with these organizations at the center.
We will establish a company-wide communication arrangement that includes the Board of Directors and management. A PDCA (plan-do-check-act) cycle; to include the assessment, monitoring and improvement of cyber risks; will also be put into action, while a governance arrangement that enables appropriate management decisions in response to changes in the environment will be developed.

In the event of a cyber incident, we will set a target for resuming operations that adheres to JSCC's business continuity plan (BCP).
We have collaborated JPX-CSIRT to analyze cyberthreats and implement security measures, and we monitor threats and implement countermeasures on a 24/7 basis.
We regularly hold drills and exercises to ensure that we can respond quickly and reliably to emergencies, including through information sharing, decision-making, external communications, and technical support.
In the event of a risk materializing, we will provide appropriate information to clearing participants and ensure the safety of the entire ecosystem.

Based on the concept of “security by design”, we will strive to implement cyber security measures in various business activities, including the development, design, manufacture, and provision of systems and services.
In order to identify cyber risks and prevent them from occurring, we collect threat intelligence from sources such as the government and security vendors, and implement prioritized countermeasures based on the impact they could have on JSCC.
We will introduce a multilayered defense structure for the system and test the effectiveness and efficacy of technical measures by continuously implementing threat-led penetration testing (TLPT) and other measures, working to further strengthen resilience.

We will secure security personnel through development of in-house human resources and appropriate use of outsourcing.
An understanding of the importance of cybersecurity will be promoted through regular education and training for all personnel engaged in JSCC, including not only JSCC officers and employees but also business support staff. We will also establish a corporate culture of working together towards the safe and stable operation of financial market infrastructure.
In addition, we will build an effective arrangement by implementing appropriate education and training according to the responsibilities and roles to be fulfilled by management and IT staff.

In addition to JSCC business-related parties such as clearing participants, designated market operators, fund settlement banks and other related institutions, we recognize as an organization that the supply chain surrounding JSCC is diverse, including business partners (such as equipment suppliers) involved in the operation of IT services that are at the source of our business.
We will implement initiatives that contribute to raising awareness of the threat of cyberattacks and cybersecurity, including the issuance of cautions via our website, to these related parties.
By conducting training in collaboration with clearing participants and government agencies, which are important parties concerned in clearing services we will work to improve the overall reliability of the financial market.