JPX HOME
Governance / Risk Management
Information Security Management
Basic Approach to Information Security
Basic Policy on Cybersecurity
Handling of Personal Information
Privacy Policy
ISO 27001
Cookie Policy
  • X
  • facebook
  • youtube
  1. About JPX
  2. Governance / Risk Management
  3. Information Security Management
  4. Basic Policy on Cybersecurity
Update : Apr. 01, 2025

Basic Policy on Cybersecurity

Recognition of Operational Issues

Japan Exchange Group, Inc.; Tokyo Stock Exchange, Inc.; Osaka Exchange, Inc.; Tokyo Commodity Exchange, Inc.; JPX Market Innovation & Research, Inc.; Japan Exchange Regulation; and Japan Securities Clearing Corporation (hereinafter referred to as “JPX”), recognize that ensuring the safe and stable operation of financial market infrastructure is our social responsibility and we will observe all laws and regulations related to cybersecurity.
Cyberattacks are considered a significant risk by JPX and we pursue management-led cybersecurity measures.
Recognizing that it is impossible to completely defend against cyberattacks, we will continue to improve our defenses against them and resilience (minimizing impact and accelerating recovery), while steadily promoting measures to respond to future environmental changes, such as verifying advanced technologies.

Governance Arrangement

We will develop cybersecurity standards by referring to various guidelines in Japan and overseas, and promote the formulation of strategies, the establishment of structures, and the strengthening of countermeasures.
The organizations in charge of cybersecurity management and countermeasures will also be clarified and various measures implemented in a unified manner throughout the company, with these organizations at the center.
We will establish a company-wide communication arrangement that includes the Board of Directors and management. A PDCA (plan-do-check-act) cycle; to include the assessment, monitoring and improvement of cyber risks; will also be put into action, while a governance arrangement that enables appropriate management decisions in response to changes in the environment will be developed.

Incident Response Arrangement

In the event of a cyber incident, we will set a target for resuming operations that adheres to JPX's business continuity plan (BCP).
We have established JPX-CSIRT to analyze cyberthreats and implement security measures, and we monitor threats and implement countermeasures on a 24/7 basis.
We regularly hold drills and exercises to ensure that we can respond quickly and reliably to emergencies, including through information sharing, decision-making, external communications, and technical support.
In the event of a risk materializing, we will provide appropriate information to market stakeholders and ensure the safety of the entire ecosystem.

Efforts to Implement Cybersecurity Measures

Based on the concept of “security by design”, we will strive to implement cyber security measures in various business activities, including the development, design, manufacture, and provision of systems and services.
In order to identify cyber risks and prevent them from occurring, we collect threat intelligence from sources such as the government and security vendors, and implement prioritized countermeasures based on the impact they could have on JPX.
We will introduce a multilayered defense structure for the system and test the effectiveness and efficacy of technical measures by continuously implementing threat-led penetration testing (TLPT) and other measures, working to further strengthen resilience.

Fostering Corporate Culture and Securing Human Resources

We will secure security personnel through development of in-house human resources and appropriate use of outsourcing.
An understanding of the importance of cybersecurity will be promoted through regular education and training for all personnel engaged in JPX, including not only JPX officers and employees but also business support staff. We will also establish a corporate culture of working together towards the safe and stable operation of financial market infrastructure.
In addition, we will build an effective arrangement by implementing appropriate education and training according to the responsibilities and roles to be fulfilled by management and IT staff.

Ensuring the Safety of Third Parties

In addition to JPX business-related parties such as market stakeholders, listed companies, and business partners and users of market-related services, we recognize as an organization that the supply chain surrounding JPX is diverse, including business partners (such as equipment suppliers) involved in the operation of IT services that are at the source of our business.
We will implement initiatives that contribute to raising awareness of the threat of cyberattacks and cybersecurity, including the issuance of cautions via our website, to these related parties.
By conducting training in collaboration with market stakeholders and government agencies, which are important parties concerned in market operations, we will work to improve the overall reliability of the financial market.

JPX Cybersecurity Management Arrangement

 
Governance / Risk Management
PageTop
  • X
  • facebook
  • youtube
OSZAR »