The Nippon Shokubai Group recognizes that ensuring information security is a corporate social responsibility and considers it an important management issue that affects business continuity. We have established an Information Security Policy to manage and protect the information we handle as important assets, and we will use such information appropriately in our business activities.
Information Security Policy
The Nippon Shokubai Group handles its information assets as well as information assets provided by third parties in compliance with all relevant laws, regulations, and internal rules. We strive to maintain and improve appropriate information management and information security in order to protect information assets from the risks associated with accidents, disasters, and crime as we work to earn the trust of stakeholders and the public at large with an eye to minimizing the potential impact of any security incidents on our business operations.
Our information management and information security initiatives cover all business activities of our Group and are designed to ensure that all officers and employees correctly recognize the importance of information security and take appropriate actions.
We are working to maintain, manage, and improve information security. We have established a management organization needed to achieve systematic and continuous information security operations so that we can implement more appropriate information security measures in response to the growing complexity of our business activities on a global scale and preserve the public’s trust while ensuring safety and security.
The DX Promotion Division is responsible for information security, and the head of the DX Promotion Division serves as the chief information security officer under the supervision of the Member of the Board/Executive Officer in charge. We have established a dedicated team to manage and protect information in the Information Technology Management Department as a headquarters organization. The team works with the departments in charge of information security at business offices and Group companies to strengthen information security.
We have defined basic information security measures (e.g., the introduction of virus scanning software, access control, and external storage device control) that should be implemented in order to protect the information assets we handle from external threats and periodically monitor their implementation status. We also conduct vulnerability assessments by outside experts and examine appropriate responses to enhance network security. In order to prevent information leaks from inside the company, we check the information system operation logs of all officers and employees and take other measures to strengthen our monitoring system. In the event of any violation of internal rules on information security, we will take strict action in accordance with the rules of employment and disciplinary procedures.
Information Security Education
We believe that the awareness of all officers and employees is important to ensure information security and protect information assets. As an information security awareness activity, we provide all officers and employees with targeted attack email training and information security education on an ongoing basis. Providing regular education in this way enables us to improve the information literacy and ethics of each individual and train them to correctly understand information security and information handling. While it is most important to prevent incidents from occurring, we have made it a rule to immediately report any incidents to our security team, so that we can take swift and appropriate action to minimize damage.