Information Security
Initiatives to Ensure Information Security

Goals and Achievements of Major Initiatives

Establish a global information security network.

Fiscal year 2024
Goals: Based on the information security road map, continue to decisively implement action plans for themes determined to be of particular importance. Minimize information security risks in a global and open cloud-based digital environment, strengthen ability to address incidents when they occur and to minimize the impact thereof.
Achievements:
  • Group companies carried out cyber security inspections to identify ransomware attack risks and formulated countermeasures. The integrated authentication infrastructure and post-incident recovery system were expanded and measures were implemented based on a third-party assessment of the cloud-based digital environment.
  • Based on training on responding to incidents, response procedure manuals and liaison/response configurations were revamped. Steps were also taken to expand the program for promoting employee awareness of information security.
Evaluation: ★★

Fiscal year 2025
Goals: Conduct a third-party assessment and update the information security road map. Based on assessment results, develop action plans to decisively address themes determined to be of particular urgency or importance, including comprehensive upgrading of configurations, employee capabilities, administrative and operational systems, the IT system environment, procedures and rules, and education and training programs.

Evaluations are based on self-evaluations of current progress.
Key: ★★★ = Excellent; ★★ = Satisfactory; ★ = Still needs work

Basic Approach to Information Security

The DIC Group has positioned information security as a key management priority and established the Basic Policy on Information Security, which is founded on its recognition that protecting information assets that belong to or are managed by the Group is essential to its ability to conduct business. The DIC Group works to ensure that directors and employees use the Group’s information assets properly in the course of business and handle confidential information—including information disclosed by third parties, the confidentiality of which the Group is obliged to protect—appropriately. The Group also pursues continuous improvements by conducting internal audits to confirm current issues and identify risks.

Promoting and Enhancing Information Security on a Global Basis

The DIC Group’s approach to information security management rests on four pillars: regulations and guidelines, management framework, information security infrastructure, and employee education and training.

Regulations and Guidelines

In line with its Basic Policy on Information Security, in Asia the DIC Group has set forth confidential information management guidelines, information management regulations, and information and communications technology management guidelines, to give form to this policy and govern its implementation. Sun Chemical Corporation, which oversees DIC Group operations in the Americas and Europe, has established the Written Information Security Program (WISP), which encompasses all related regulations and guidelines. All information security regulations and guidelines are updated regularly and as required to address new security risks in a timely manner. The Group also establishes and revises guidelines and rules governing the use of generative AI, cloud-based computing and control systems in response to the rapid evolution of digital technologies.

Management Framework

The Information Security Committee, which is led by the head of the IT Strategy Unit, meets regularly (twice annually) and whenever necessary as part of a system to facilitate the timely update of rules and guidelines to accommodate new technologies and risks, and to ensure changes are communicated effectively across the DIC Group. The committee formulates annual targets and initiatives for strengthening information security with the approval of the Sustainability Committee and manages the progress of related efforts.

Information Security Infrastructure

In addition to regularly conducting vulnerability assessments worldwide, the DIC Group employs third-party organizations to conduct information security risk assessments and maturity evaluations. The Group has formulated an information security road map, which it updates in response to potential risks identified through these assessments and in accordance with which it implements measures in a systematic manner. The Group is also working to enhance response capabilities in the event of an emergency by revising and expanding incident response training-based systems, as well as response procedure manuals and playbooks, and by making effective use of support services provided by third-party security experts. In addition, the Group is working to enhance control systems management at individual sites by promoting the effective use of guidelines, as well as the determination of management cycles, to address issues identified through risk analysis and audits.

The DIC Group in the Asia–Pacific region continues to deploy security infrastructure and tools introduced in Japan to local Group companies. Sun Chemical is also implementing various measures, including penetration testing from various perspectives, strengthening its cyber attack detection and analysis capabilities, and gradually rolling out advanced security-related operating procedures to improve the efficiency and automation of its business.

Employee Education and Training

The DIC Group offers an e-learning information security program for all employees who use its internal IT network. Given the increasingly advanced nature of cyber attacks and crimes, the Group also promotes ongoing efforts to improve employees’ awareness of information security and ability to respond effectively should an issue arise, including providing training, generally on a quarterly basis, in how to contend with phishing attacks. Through these education and training programs, the Group succeeded in steadily raising the security awareness of employees, despite the ever-more sophisticated and malicious nature of email cyber attacks, owing to the growing role played by generative AI in such attacks.

Customer Privacy and Customer Data

In fiscal year 2024, there were no substantiated complaints regarding breaches of customer or employee privacy and no incidents of leaks or the loss of customer data.

VOICE

This is Sun Chemical’s Global IT Security Program.

Sun Chemical’s Global IT Security program is designed to protect the company’s digital assets and information systems across all regions and departments. This program includes the establishment of a Security Operations Center (SOC) for real-time monitoring, orchestration and response; the adoption of the Continuous Adaptive Risk and Trust Assessment (CARTA)* framework as a strategic approach to information security; and the deployment of a robust IT security awareness program for strengthening cyber security risk management and our security culture, as well as of comprehensive policies and guidelines to ensure consistent security practices. Our security program also emphasizes collaboration and communication with various stakeholders and focuses on continuous improvement through regular assessments, penetration tests and audits.

Consultant, Verizon Japan Ltd. Yasuki Kono
(From left)
Manager, IT Security Awareness Program, Sun Chemical Corporation Tatiana Butcher
Senior Director of Business Optimization (Leads Global IT Security), Sun Chemical Corporation Chimdi Ifeakanwa
Architect, Data Security, Sun Chemical Corporation Sonny Samarakoon
Manager, Global IT Security Operations, Sun Chemical Corporation Larry Withrow
* CARTA is an IT security framework that replaces traditional perimeter-based security with the continuous monitoring and evaluation of users, devices, technology and services, empowering organizations to dynamically update policies on, for example, access permissions, based on context-aware security assessments.