Basic Policy

Information systems play a key role in all aspects of business activities.
We believe that protecting information assets from all kinds of threats, including cyberattacks, unauthorized access, data breaches, and other risks arising from inside and outside the Group, is a key management issue. Aware of the importance of managing information and their responsibilities in this regard, all directors and employees in the Kaneka Group are committed to properly managing information.

Policy

Basic Information Management Policy

  1. Observance of laws/regulations and rules
    The trust and confidence of society and customers is the most precious asset the Group must protect.
    Complying with laws and regulations, social norms, and internal regulations/procedures is the basic principle that all individuals engaged in business activities should follow.
  2. Protection of confidential information
    Confidential information concerning manufacturing processes, research, sales, etc. is the source of the Group’s competitiveness.
    All individuals engaged in business activities must be fully aware of this, and must not leak such information or use it for illicit purposes. In particular, data requiring strict handling, such as personal information and information entrusted as confidential from other entities, must be identified as such and managed strictly by the person in charge of information management at each company.
  3. Establishment of systems/structures
    In order to sustain and expand the Group’s business, it is essential to make effective use of information and increase the efficiency of business operations.
    In addition to establishing rules regarding information security and continuing to improve information systems to ensure safe, effective use of information, the persons responsible for information management should be determined to ensure appropriate information management.
  4. Implementation of training and awareness-raising programs
    With the strengthening of Group management and increased use of external resources, people with diverse values and ethics are involved in Kaneka’s business operations.
    To ensure smooth cooperation with these members, efforts should be made to raise awareness of information security risks and to enhance and continue training on information security including ethical aspects.

We have established the Basic Information Management Policy and Information Management Regulations to strengthen the protection of our information assets both in Japan and overseas.

Promotion System

We have put in place a risk management system at the Kaneka Group that is led by management. Within the IoT Solutions Center (Information Systems Department), we have set up an organization for information security. Through this organization, which is headed by the Group information management manager who is the director in charge, we appropriately manage information to avoid information leakage and other risks, and promote effective use of information and efficiency in operations.

Target and Result

| | Fiscal 2023 target | Fiscal 2023 performance |
|---|---|---|
| Serious information security incidents | 0 | 0 |

Strengthening of Information Security

The Kaneka Group is working to reinforce various security measures to prevent serious information security incidents.
In fiscal 2023, there were zero serious information security incidents resulting in suspension of operations, leakage of personal information, or other damage.

Guarding against Cyberattacks

Drawing on the principles of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, we have put in place multi-layered security measures across our entire supply chain. We also undergo regular security assessments by external vendors in both IT and operational technology (OT), and make improvements based on their findings.

| Classification of Measures | Countermeasures |
|---|---|
| Governance | Development of Information Security Regulations and Standards |
| Identify | Asset management of PCs and servers used by the Group |
| Protect | Malware and vulnerability protection for PCs, servers, and networks |
| | E-learning for employees, targeted attack email training |
| Detect | Establishing a Global Security Operations Center (SOC*) |
| Respond | Establishment of an information security incident response system |
| Recover | Regular backup of critical information |

* SOC (Security Operation Center): A system for monitoring and analyzing threats to information systems.

Strengthening Information Management for Employees

In fiscal 2023, we conducted training to enhance literacy about information security.

  • Conducted e-learning for all employees
  • Conducted targeted email attack training for all employees (twice)
  • Conducted information security onboarding training (new graduates/mid-career hires)
  • Conducted incident response training in the information security specialist organization
  • Conducted training for information management officers in each division/Group company
