Information Management Issues

To strengthen our cyber security efforts throughout SEKISUI CHEMICAL Group we formulate a Companywide information security policy and share it internally and externally.

Please refer to the SEKISUI CHEMICAL Group’s policies

To provide a cyber security response system, we established a CSIRT^*1, which reports to the Sustainability Committee chaired by the president.
The policy-making body is the Cyber Security Subcommittee, led by the Chief Information Security Officer (CISO), which deliberates on Group-wide cyber security measures and significant security incidents. Cyber Security Promotion Committee advances measures based on subcommittee decisions, and we have also set up a Cyber Security Center as a working unit.
Acting in partnership with the SOC^*2, the Cyber Security Center monitors the security of networks and devices 24 hours a day, 365 days a year, and strives for the early detection of and recovery from incidents. Having posted at least one cyber system administrator on site at each business, we have established a comprehensive Group-wide cyber management system. Even in the case of organizational changes or cyber system administrator reassignments, the Company is constantly aware of the presence or absence of the cyber system administrators at each of its business sites through its registry management system. Together with making our operations in Japan more sophisticated, going forward we will advance the development of CSIRT at Group companies overseas.

The Company takes measures, from both system and human aspects, to maintain the security of customer (including personal) and internal (including confidential) information. To combat external threats, the Company has positioned its SOC as its primary entity to consistently identify new threats, such as newly reported cases of viral infections or targeted e-mail attacks, while SEKISUI CHEMICAL’s CSIRT swiftly takes action to implement appropriate countermeasures. We are also working to prevents information leaks before they occur by, for example, employee education based on e-learning courses and by conducting audits.
CSIRT operations involve the holding of regular Cyber Security Subcommittee/Promotion Committee meetings, reporting the assessments of risk countermeasures at subcommittee meetings and the content of risk countermeasure activities at promotion committee meetings.

So that business operations can be continued even in the event that backbone systems are damaged in a natural disaster, we have established backbone systems within data centers that have measures in place to deal mainly with earthquake resistance and seismic isolation.
In addition, by dispersing data centers among multiple locations, we have established a system that will not cause work to be disrupted even if a particular data center becomes unavailable. By taking steps to completely duplicate mission-critical systems, the Company is working to shorten the lead-time needed up to the completion of repairs and recovery of business operations.

SEKISUI CHEMICAL Group handles the personal information of its customers based on its Privacy Policy, which is available on the Company’s website. The Company complies with legal regulations and norms regarding personal information and, by voluntarily putting in place rules and systems based on internal confidential information management regulations, strives to appropriately protect such information.
We have also formulated Guidelines for Web Server Construction and Management, and endeavor to protect servers managed at relevant companies and each work sites.
At the same time, we ensure thorough management by limiting access rights and other management authority according to the importance of the information handled.
Furthermore, we are strengthening governance over the handling of personal (customer) information by raising employee awareness and providing training, especially during the Compliance Reinforcement Month held annually.

In 2019, a then-employee leaked technical information about HPP Company’s conductive fine particles to an external third party. After this incident was discovered, information management and employee training were enhanced. In order to prevent recurrence, we not only take measures to prevent data leakage through IT technology, but also implement a wide array of measures such as introducing risk management activities in departments that handle confidential technical information, providing moral education and training for engineers, and thoroughly educating employees on confidentiality obligations upon hiring.
As for the overall progress of these recurrence prevention measures, we monitor information leak risks while consolidating the activities of both the Cyber Security Subcommittee and Compliance Subcommittee.