Information Security

Goals and Achievements of Major Initiatives

Objective of initiative Goals for fiscal year 2017 Achievements in fiscal year 2017 Evaluation Goals for fiscal year 2018
Establish a global information security framework. ・Deploy common ICT-related usage and management guidelines in Japan, the Asia–Pacific region and Greater China.
・Commence the implementation of measures to reinforce information security in the Asia–Pacific region.
・Create a framework for the implementation of measures to strengthen BCPs.
・Common ICT-related usage and management guidelines were deployed and related training provided in Japan, the Asia–Pacific region and Greater China.
・An Asia–Pacific region information infrastructure/secure environment creation project was promoted.
・Steps were taken to reinforce information security based on a risk assessment conducted by a third-party organization.
★★ • Reinforce network infrastructure based on information infrastructure/BCPs designed to ensure preparedness for natural disasters and other issues.
• Complete Asia–Pacific region information infrastructure/secure environment creation project.
• Reinforce end-point security.
  • Evaluations are based on self-evaluations of current progress. Key: ★★★ = Excellent; ★★ = Satisfactory; ★ = Still needs work

Basic Approach to Information Security

Basic Approach to Information Security

The DIC Group has positioned information security as a key management priority and established a Basic Policy on Information Security, which is founded on its recognition that protecting information assets that belong to or are managed by the Group is essential to its ability to conduct business. In line with this policy, DIC has formulated and implemented confidential information management regulations and information management guidelines. (The regulations and guidelines were created in Japan in fiscal year 2010. Deployment in Asia and Oceania commenced in fiscal year 2015.)
The DIC Group works to ensure that directors and employees use the Group’s information assets appropriately in the course of business and appropriately handle confidential information. The Group also pursues continuous improvements by conducting internal audits to confirm current issues and identify risks.

Globally Maintaining and Enhancing Information Security

Initiatives in Japan

DIC has continuously taken steps to fortify its system for responding to targeted cyber attacks and other critical risks to its information security. In fiscal year 2017, the Company also took steps to update its information security policy and rules to accommodate the Internet of Things (IoT), the integration of information and operational systems and the expansion of cloud computing and other new technologies. DIC also invited a third-party organization to assess its information security initiatives, which served to illuminate issues requiring attention from an expert, objective and multifaceted perspective, and has begun taking steps to address these issues in order or priority.
The DIC Group periodically employs an e-learning program to encourage awareness of information security and provide training to all employees in dealing with targeted cyber attacks. In fiscal year 2018, the Group will update and reinforce this program with a view to its continued use.

Initiatives in the Asia–Pacific Region and in Greater China

In fiscal year 2017, the DIC Group formulated information and communications technology (ICT) usage and management guidelines for the Asia–Pacific region and for Greater China. By promoting the deployment and firm establishment of these rules, the Group will continue working to reinforce the information security measures of DIC Group companies in these regions.

Initiatives in the Americas and Europe

Having recognized information security as a challenge of vital importance, the Sun Chemical Group, which oversees operations in the Americas and Europe, works to ensure business continuity and mitigate risks to its information systems and the confidentiality, integrity and accessibility of its data. The Sun Chemical Group also promotes continuous, systematic efforts, based on ISO 27001, designed to reinforce its information security countermeasures, thereby ensuring that it earns and maintains the trust of its stakeholders.

Safeguarding Information Security Environments in Asia and Oceania

The DIC Group has developed an overall plan for adopting a security system in Asia and Oceania based on a unified infrastructure and in fiscal year 2017 began building country-specific management systems with the aim of combating, among others, computer viruses and software vulnerabilities. In fiscal year 2018, the Group will develop a framework that will enable local IT staff to maintain information security and operate related systems.

Initiatives Aimed at Resolving System Failures

The DIC Group backs up its business systems, which are crucial to its ability to ensure global business continuity, by maintaining duplicate systems at a secondary data center. The Group also promotes ongoing, systematic initiatives to ensure preparedness in the event of a natural disaster, pandemic of other unforeseen event, including ensuring mobile connection system redundancy and reinforcing backup centers.

Common ICT Usage and Management Guidelines for Asia: Formulation, Education and Enforcement

With opportunities for using ICT tools expected to continue increasing, the ability of individual employees to use related tools effectively, with a proper understanding of precautions and rules, will benefit the DIC Group. In fiscal year 2017, the Group formulated common ICT usage and management guidelines for Japan, the Asia–Pacific region and Greater China. These guidelines are based on rules for the use of ICT-related hardware and software previously used in Japan.

VOICE

Sun Chemical’s information security system

At Sun Chemical, we see firsthand the increase and complexity of cyber threats on a daily basis and understand the potential impacts on business. To ensure business continuity, we are focused on protecting our systems and data assets through people, process and technology. Our information security program’s foundation is based on the globally recognized ISO 27001 information security framework, and our strategy entails a multilayer security approach and continuous improvements based on threat intelligence and incident response. We have invested in diversified technologies such as data loss prevention solutions, the latest anti-virus software, network security solutions and so on. In addition to technology investments, we are focusing efforts on establishing a global user security awareness program to build a security-minded culture within Sun Chemical by training users how to protect themselves and the organization from cyber threats.

Sun Chemical Manager, Infrastructure Chimdi Ifeakanwa Specialist Security Infrastructure Larry Withrow Global Process Lead Ryan Vasquez

Sun Chemical
(From left) Manager, Infrastructure Chimdi Ifeakanwa
Specialist, Security Infrastructure Larry Withrow
Global Process Lead Ryan Vasquez

VOICE

We are working to ensure and enhance information security in Southeast Asia and Oceania.

In addition to being in charge of the IT help desk for Southeast Asia and Oceania, I am involved in efforts to devise and firmly establish various information security measures across the region.
Ensuring internal information security is critical to the successful expansion of a company’s operations. For this reason, we must devote considerable attention to creating a framework for protecting the various types of data we handle. Accordingly, we are promoting regional infrastructure improvements with the aim of guaranteeing a superior level of data security. We are also working to deploy and firmly establish regional ICT usage and management guidelines to further improve the security of our information.

IT Manager of PT. DIC Graphics,AP - IT Helpdesk Head Revi Septiana Rachman

IT Manager of PT. DIC Graphics,
AP - IT Helpdesk Head
Revi Septiana Rachman

VOICE

Our efforts focus on enhancing information security in Southeast Asia and Oceania.

I help enhance IT environments in Southeast Asia and Oceania, including maintaining and improving information security, consolidating IT infrastructure and further aligning and expanding the operational and maintenance structure of our SAP system.
Because we are in charge of overseeing subsidiaries in the region, we sought to deploy confidentialinformation management regulations, as well as information management guidelines, among regional subsidiaries. As a regional headquarters that coordinates 16 subsidiaries in 10 countries with diverse cultures and customs, we will continue working to improve information security by, among others, unifying security measures in the region.

DIC Asia Pacific Pte Ltd Regional Chief Information Officer Hidefumi Ito

Regional Chief Information Officer,
DIC Asia Pacific Pte Ltd
Hidefumi Ito

VOICE

We are working to improve information security in Greater China.

We are tackling the rapid development of virtualization technology and cloud computing by promoting a network integration plan in Greater China. We are also deploying the Basic Policy on Information Security, management regulations for confidential information and information management guidelines at regional subsidiaries with the aim of creating an internal management system that will ensure the security of all information. This is one of several key medium- to long-term projects and will enable us to develop global and regional information systems that meet our business needs as well as satisfy Group security requirements.

Corporate IT Director, DIC (China) Co., Ltd. Tylone Zhou

Corporate IT Director, DIC (China) Co., Ltd. Tylone Zhou

TOPICS DIC Earns Japan Institute of Information Technology Award

IT Management Award certificate
IT Management Award certificate

The Japan Institute of Information Technology (JIIT) recently awarded DIC an IT Management Award for fiscal year 2013,in recognition of its move to absorb its information systems subsidiary with the aim of ensuring effective IT governance. DIC accepted the award at JIIT’s 2014 IT Management Conference, which was held February 6–7, 2014. A representative of DIC also gave a lecture at the conference.
In Japan, it is common for companies to use information systems subsidiaries to create IT systems. The downside of this is that many companies that have spun their IT systems development departments off as affiliates now face a challenge in implementing effective IT governance groupwide. Acknowledging that realizing effective IT governance would require elevating the position of information systems operations within corporate management, DIC took the decision to absorb its information systems subsidiary and refocus resources on systems planning and engineering. The IT Management Award was in recognition of these efforts.

Notes:

  • 1.The Japan Institute of Information Technology (JIIT) is a public interest association established in July 1981 that conducts R&D on corporate applications of IT, as well as disseminates and promotes the practical implementation of its findings.
  • 2.JIIT sponsors the Information Technology Awards (named the OA Awards until 2000), which recognize companies, institutions, operations, divisions and individuals for outstanding efforts and results in using IT to revamp operations. One of these is the IT Management Award, given to entities that have leveraged IT as an innovation tool to effect management transformation or achieve a dramatic increase in productivity.

Sustainability>

HOME > Sustainability > The DIC Group's Sustainability Program > Information Security