HOME > CSR > Governance > Cyber Security

Cyber Security

Maintaining an Effective Management System to Address Various Information-related Risks

Cyber Management SystemCyber management system with personnel responsible assigned to each business site established

Headed by the CSR Committee chaired by the president, the Network Management Center that has been established under the Cyber Security Committee has set up a monitoring system, carries out the monitoring and recording of information and, having also posted at least one cyber system administrator at each business site, has established a comprehensive Group-wide cyber management system. Even in the case of organizational changes or cyber system administrator reassignments, the Company is constantly aware of the presence or absence of the cyber system administrators at each of its business sites through its registry management system.

Cyber Security System Framework

Roles of Cyber System Administrators

(1) Cyber security measures in general, such as anti-virus

(2) Management and stable operation of information systems, personal computers, software, etc.

(3) General network-related management

(4) Giving of guidance on proper use of cyber systems to employees at each company/department

(5) Act as points of contact for general matters concerning cyber systems, implement work in response

 

Measures to Address Information Leakage RisksImplementing every measure possible from both system and human aspects

The Company takes every measure possible, from both system and human aspects, in order to maintain the security of customer (including personal) and internal (including confidential) information. For external threats, the Network Management Center serves as the hub, constantly ascertaining new threats, such as newly reported viruses and targeted e-mails. In addition to promptly implementing appropriate measures, the Center works on prevention by conducting employee training and auditing by e-learning.

The Company also holds an Information Security Committee meeting once every two months to evaluate risk countermeasures and reports on information security-related activities are made at every meeting.

 

Key System-related (Tangible) Measures

(1) Establish firewalls to completely separate external and internal networks

(2) Monitor and record data through network management centers

(3) Employ the latest security measures for employees’ computers and update software

(4) Enhance in-house production of email systems and prohibit use of personal devices

 

Key Human-related (Intangible) Measures

(1) Conduct security audits as needed at business sites in Japan and overseas.

(2) Adopt entry/exit ID authentication and secondary (photographic, etc.) verification when logging in

(3) Conduct regular e-learning programs (those who do not attain a pass grade will be unable to access the Internet)

 

Measures to Address Natural Disaster-related RisksImplementing every measure possible from both system and human aspects

We have confirmed that earthquake resistance, seismic isolation and other measures have been applied to contracted data centers so that business operations can be continued even in the event that backbone systems are damaged by a major earthquake or other disaster. In addition, by dispersing data centers among multiple locations, we have established a system that will not cause work to be disrupted even if a particular data center becomes unavailable. By taking steps to completely duplicate mission-critical systems, the Company is working to shorten the lead-time needed up to the complete repairs to and recovery of business operations.

 

Protecting Personal Information

Sekisui Chemical has formulated its Personal Information Policy, which is available on the Company’s website. Based on this policy, the Company complies with legal regulations and norms regarding personal information while working to appropriately protect personal information through the creation of voluntary rules and systems.

Personal Information Protection Policy