Information Security
Initiatives to Ensure Information Security

Goals and Achievements of Major Initiatives

Establish a global information security framework.

Goals for fiscal year 2022: In light of the results of the information security risk assessment, formulate and implement security measures, BCPs and emergency response drills appropriate for a cloud-based information system.
Achievements in fiscal year 2022:
  • A road map for information security measures was formulated based on the findings of an information security risk assessment.
  • Steps were taken to formulate a plan for the deployment of a global security framework, advance the transition to cloud-based computing under a next-generation IT project and deploy a system created to address incidents when they occur.
Evaluation: ★★
Goal for fiscal year 2023: Based on the information security road map devised in fiscal year 2022, decisively implement action plans for themes determined to be of particular importance.
  • Evaluations are based on self-evaluations of current progress.
    Key: ★★★= Excellent; ★★ = Satisfactory; ★= Still needs work

Basic Approach to Information Security

The DIC Group has positioned information security as a key management priority and established a Basic Policy on Information Security, which is founded on its recognition that protecting information assets that belong to or are managed by the Group is essential to its ability to conduct business. In line with this policy, DIC has formulated and implements confidential information management guidelines. The DIC Group works to ensure that directors and employees use the Group’s information assets properly in the course of business and handle confidential information appropriately. The Group also pursues continuous improvements by conducting internal audits to confirm current issues and identify risks.

Promoting and Enhancing Information Security on a Global Basis

The DIC Group’s approach to information security management rests on four pillars: Regulations and guidelines, management framework, information security infrastructure, and employee education and training. In response to increasingly diverse cyber threats, the Group currently plans to deploy measures implemented in Japan to reinforce information security by enhancing its internet security infrastructure and updating endpoint security systems in key overseas markets.

Regulations and Guidelines

In line with its Basic Policy on Information Security, the DIC Group updates three sets of rules regularly and as required to address new security risks in a timely manner: its confidential information management regulations, which stipulate the scope of management and related standards, rules and responsibilities; its information management guidelines, which outline procedures for implementation; and its information and communications technology management guidelines, which govern the management of information and communications technology environments. The Group also creates and revises rules in response to the increasing prevalence of digital technologies and the shift to cloud-based computing.

Management Framework

The Information Security Committee, which is led by the chief information officer (CIO), meets regularly (twice annually) as part of a system to facilitate the timely update of rules and guidelines to accommodate new technologies and risks, and to ensure changes are communicated effectively across the DIC Group. The committee formulates annual targets and initiatives for strengthening information security with the approval of the Sustainability Committee and manages the progress of related efforts. The Group is currently exploring the idea of establishing a system for ensuring information security for the entire global DIC Group, including Sun Chemical.

Information Security Infrastructure

Against a backdrop of increasingly active and sophisticated cyber attacks, including ransomware and targeted threats, the DIC Group is working to respond to rapid changes in working environments attributable to work style reforms, including the expansion of remote work and the increased use of cloud-based services. The Group previously contracted a third-party organization to conduct a risk assessment to evaluate the effectiveness and comprehensiveness of its information security measures from a multifaceted perspective. Based on the results of this assessment, the Group formulated a road map for information security with the aim of responding flexibly and appropriately to emerging cyber risks, thereby permanently reducing risks to its businesses and management.

Employee Education and Training

The DIC Group offers an e-learning information security program for employees in Japan, the Asia–Pacific region, and the Americas and Europe with access to information, whether online or offline. Given the increasingly advanced nature of cyber attacks and crimes, the Group also promotes ongoing efforts to improve employees’ awareness of information security and ability to respond effectively should an issue arise.

Customer Privacy and Customer Data

To date, there have been no substantiated complaints regarding breaches of customer privacy and no incidents of leaks or the loss of customer data.

Comment

We are promoting efforts to enhance information security in production departments.

General Manager, Production Planning Department, DIC Corporation Kazuyuki Okuya

In recent years, the rapid spread of AI and the Internet of Things (IoT) has resulted in an increasingly diverse range of devices being connected via networks. Companies have traditionally collected and analyzed a variety of data, which has enabled them to address labor shortages by increasing factory automation, as well as to enhance the stability of product quality and increase added value. However, the momentous changes in the environment surrounding networks for directly controlling and monitoring production facilities have also brought a dramatic increase in the danger of cyber attacks and many companies have suffered considerable damage as a result.
To date, we have sought to promote partial optimization of responses on a site-specific basis, but Groupwide efforts have been insufficient on certain fronts. Against this backdrop, in September 2018 we established guidelines for security for control systems used in production. In fiscal year 2019, we began offering an e-learning program on control system security for plant general managers and group manager–level employees. In addition to strengthening administration, we are collaborating with the Information Systems Unit to standardize plant control networks with the aim of ensuring safe and secure environments and transforming our plants into smart manufacturing facilities.

Promoting Digital Transformation

Guided by its DIC111 medium-term management plan, the DIC Group is actively promoting digital transformation. Having completed preliminary preparations, effective from fiscal year 2020 DIC established the DX Promotion Department—a dedicated department charged with advancing digital transformation—within the Corporate Strategy Unit and stepped up initiatives in individual departments. Technical and production departments are promoting the use of AI technologies in product development and efforts to improve productivity. On the technical side, AI technologies facilitated a significant shortening of the development stage for a new highly heat-resistant, fast-developing novolac resin for use in the production of resists for packaging applications. In production, AI technologies have been introduced into the manufacturing processes for some products to identify factors influencing quality not discernible using conventional methods. Going forward, production departments will also begin looking at the creation of a model factory system with the goal of realizing smart production facilities. These departments will also seek to boost labor productivity beyond current levels by conducting remote monitoring and preventative maintenance of production equipment using sensors and by applying VR and augmented reality (AR) in new employee training and the passing on of technologies.

VOICE

Sun Chemical’s information security system

Sun Chemical
Manager, Infrastructure: Chimdi Ifeakanwa
Specialist, Security Infrastructure: Larry Withrow
Global Process Lead: Ryan Vasquez

At Sun Chemical, we see firsthand the increase and complexity of cyber threats on a daily basis and understand the potential impacts on business. To ensure business continuity, we are focused on protecting our systems and data assets through people, process and technology. Our information security program’s foundation is based on the globally recognized ISO 27001 information security framework, and our strategy entails a multilayer security approach and continuous improvements based on threat intelligence and incident response. We have invested in diversified technologies such as data loss prevention solutions, the latest anti-virus software, network security solutions and so on. In addition to technology investments, we are focusing efforts on establishing a global user security awareness program to build a security-minded culture within Sun Chemical by training users how to protect themselves and the organization from cyber threats.

TOPICS

DIC Earns Japan Institute of Information Technology Award

The Japan Institute of Information Technology (JIIT) recently awarded DIC an IT Management Award for fiscal year 2013, in recognition of its move to absorb its information systems subsidiary with the aim of ensuring effective IT governance. DIC accepted the award at JIIT’s 2014 IT Management Conference, which was held February 6–7, 2014. A representative of DIC also gave a lecture at the conference.
In Japan, it is common for companies to use information systems subsidiaries to create IT systems. The downside of this is that many companies that have spun their IT systems development departments off as affiliates now face a challenge in implementing effective IT governance groupwide. Acknowledging that realizing effective IT governance would require elevating the position of information systems operations within corporate management, DIC took the decision to absorb its information systems subsidiary and refocus resources on systems planning and engineering. The IT Management Award was in recognition of these efforts.

IT Management Award certificate

  • The Japan Institute of Information Technology (JIIT) is a public interest association established in July 1981 that conducts R&D on corporate applications of IT, as well as disseminates and promotes the practical implementation of its findings.
  • JIIT sponsors the Information Technology Awards (named the OA Awards until 2000), which recognize companies, institutions, operations, divisions and individuals for outstanding efforts and results in using IT to revamp operations. One of these is the IT Management Award, given to entities that have leveraged IT as an innovation tool to effect management transformation or achieve a dramatic increase in productivity.