Maintaining an Effective Management System to Address Various Information-related Risks
Formulation of Cyber Security Policy
To strengthen our cyber security efforts throughout SEKISUI CHEMICAL Group, we formulate a Companywide information security policy and share it internally and externally.
Please refer to the SEKISUI CHEMICAL Group’s Basic Policies
Cyber Management System Headed by an Executive Officer
To provide a cyber security response system, we established a CSIRT*1, which reports to the Sustainability Committee chaired by the president. The policy-making body is the Cyber Security Subcommittee, led by the Chief Information Security Officer (CISO), which deliberates on Group-wide cyber security measures and significant security incidents. The Cyber Security Promotion Committee advances measures based on subcommittee decisions, and we have also set up a Cyber Security Center as a working unit.
Acting in partnership with the SOC*2, the Cyber Security Center monitors the security of networks and devices 24 hours a day, 365 days a year, and strives for the early detection of and recovery from incidents. Having posted at least one cyber system administrator on site at each business, we have established a comprehensive Group-wide cyber management system. Even in the case of organizational changes or cyber system administrator reassignments, the Company is constantly aware of the presence or absence of the cyber system administrators at each of its business sites through its registry management system. Together with making our operations in Japan more sophisticated, going forward we will advance the development of CSIRT at Group companies overseas.
*1 Computer Security Incident Response Team, or CSIRT, is the title given to specialized teams that receive reports, conduct surveys and enact response measures related to computer security incidents at companies and other organizations.
*2 The Security Operation Center, or SOC, is a specialized entity devoted to monitoring and analyzing threats to information systems. It works to detect threats as soon as possible, and plays a role in supporting CSIRT with its response and recovery efforts.
Diagram of Overall Management System
Measures Taken against Information Leaks and Risks from Both System and Human Aspects
The Company takes measures, from both system and human aspects, to maintain the security of customer (including personal) and internal (including confidential) information. To combat external threats, the Company has positioned its SOC as its primary entity to consistently identify new threats, such as newly reported cases of viral infections or targeted e-mail attacks, while Sekisui Chemical’s CSIRT swiftly takes action to implement appropriate countermeasures. We are also working to prevent information leaks before they occur through, for example, employee education based on e-learning courses and audits.
CSIRT operations involve the holding of regular Cyber Security Subcommittee/Promotion Committee meetings, reporting the assessments of risk countermeasures at subcommittee meetings and the content of risk countermeasure activities at promotion committee meetings.
Key System-related Measures
(1) Store important information on data center servers and fortify data centers
(2) Establish firewalls to completely separate external networks from internal intranet and control networks
(3) Install next-generation virus protection on all servers and PCs
(4) Monitoring of above three points by SOC, 24 hours a day, 365 days a year
(5) Install e-mail filters and web filters, ensure safe and secure utilization of employee e-mails and Internet
Key Human-related Measures
(1) Thorough information management by degree of importance
(2) Thorough enforcement of duty of confidentiality for retiring employees and new hires
(3) Conduct regular e-learning programs for all employees
Augment implementation of e-learning sessions for important technology development workers
Measures to Mitigate Risk from Natural Disasters by Dispersing Systems, etc.
So that business operations can be continued even in the event that backbone systems are damaged in a natural disaster, we have concluded agreements with data centers that have measures in place to deal with various natural disasters, including earthquake resistance and seismic isolation.
In addition, by dispersing data centers among multiple locations, we have established a system that will not cause work to be disrupted even if a particular data center becomes unavailable. By taking steps to completely duplicate mission-critical systems, the Company is working to shorten the lead-time needed up to the completion of repairs and recovery of business operations.
Protecting Personal Information
SEKISUI CHEMICAL Group handles the personal information of its customers based on its Personal Information Policy, which is available on the Company’s website. The Company complies with legal regulations and norms regarding personal information and, by voluntarily putting in place rules and systems, strives to appropriately protect such information.
We have also formulated “Guidelines for Web Server Construction and Management,” and endeavor to protect servers managed at each company and each work site.