Maintaining an Effective Management System to Address Various Information-related Risks
Cyber Management SystemBuilding a Cyber Management System with Personnel Responsible Assigned to Each Business Site
Headed by the CSR Committee, which is chaired by the president, the Network Management Center that has been established under the Cyber Security Committee has set up a monitoring system, carries out the monitoring and recording of information and, having also posted at least one cyber system administrator at each business site, has established a comprehensive Group-wide cyber management system. Even in the case of organizational changes or cyber system administrator reassignments, the Company is constantly aware of the presence or absence of the cyber system administrators at each of its business sites through its registry management system.
Cyber Security Organizational Chart
Roles of Cyber System Administrators
(1)Cyber security measures in general including those relating to anti-viruses
(2)Management and stable operation of information systems, personal computers, software, etc.
(3)General network-related management
(4)Giving of guidance on proper use of cyber systems to employees at each company / department
(5)Acting as points of contact for, and responding to, other general matters relating to cyber systems
Measures to Address Information Leakage RisksImplementing Every Measure Possible from Both System and Human Aspects
The Company takes every measure possible, from both system and human aspects, in order to maintain the security
of customer (including personal) and internal (including confidential) information. For external threats, the Network
Management Center serves as the hub, constantly identifying new threats, such as newly reported viruses and targeted
e-mails. In addition to promptly implementing appropriate measures, the Center works on prevention by conducting
employee training and auditing by e-learning.
The Company also holds an Information Security Committee meeting once every two months to evaluate risk countermeasures and reports on information security-related activities at every meeting.
Key System-related (Tangible) Measures
(1)Establish firewalls to completely separate external networks from internal intranet and control networks
(2)Monitor and record data through network management centers
(3)Employ the latest security measures for employee computers and update software
(4)Enhance email systems through in-house production and prohibit the use of personal devices in business
Key Human-related (Intangible) Measures
(1)Conduct security audits as needed at business sites in Japan and overseas
(2)Adopt entry / exit ID authentication and secondary (photographic, etc.) verification when entering major domestic offices
(3)Conduct regular e-learning programs (those who do not attain a pass grade will be unable to access the Internet → Japan only)
Measures to Address Natural Disaster-related RisksDuplication and Dispersing of Systems, as well as Earthquake Resistance and Seismic Isolation Measures
We have confirmed that earthquake resistance, seismic isolation and other measures have been applied to contracted data centers so that business operations can be continued even in the event that backbone systems are damaged by a major earthquake or other disaster. In addition, by dispersing data centers among multiple locations, we have established a system that will not cause work to be disrupted even if a particular data center becomes unavailable. By taking steps to completely duplicate mission-critical systems, the Company is working to shorten the lead-time needed up to the completion of repairs and recovery of business operations.
Protecting Personal Information
Sekisui Chemical has formulated its Personal Information Policy, which is available on the Company’s website. Based on this policy, the Company complies with legal regulations and norms regarding personal information while working to appropriately protect personal information through the creation of voluntary rules and systems.
Strategies Aimed at Countering CyberattacksNationwide Training on Information Management
In order to effectively counter the kinds of cyberattacks against companies that have become increasingly common in
recent years, Sekisui Chemical conducted training sessions on information management in collaboration with the Information
Systems Group and the Legal Department. Training consisted of a video presentation on cyberattacks and
information on how to prepare for these kinds of attacks in everyday activities.
During fiscal year 2017, a total of 10 corporate compliance training sessions were conducted at business sites throughout Japan and were attended by 464 Employees.