Information Security

Goals and Achievements of Major Initiatives

Establish a global information security framework.

Goals for fiscal year 2019
  • Fortify response to the expanded use of digital technologies.
  • Create a new information infrastructure conducive to work style reform, the further use of mobile devices and the expansion of global collaboration.
  • Formulate and strengthen information security rules and frameworks, provide training and encourage awareness in a manner that responds to new information security threats and risks.
Achievements in fiscal year 2019
  • Efforts to ensure security by standardizing plant control system networks were promoted in collaboration with production departments.
  • Cloud-based security solutions were introduced as a countermeasure against increasingly diverse internet-based threats.
  • In line with the revision of guidelines for the management of personal information and the tightening of password rules, regulations for managing confidential information, information management guidelines and global guidelines for ICT use were amended.
  • E-learning focused on both information security and the protection of personal information was provided.
Evaluation ★★
Goals for fiscal year 2020
  • Prepare/strengthen guidelines for the use of cloud-based services and cloud computing.
  • Strengthen the security environment for mobile devices and investigate and assess technologies for integrating information and execution network technologies.
  • Formulate and strengthen information security rules and frameworks, provide training and encourage awareness in a manner that responds to new information security threats and risks.
  • Create emergency response system to address incidents when they occur.
  • Evaluations are based on self-evaluations of current progress.
    Key: ★★★= Excellent; ★★ = Satisfactory; ★= Still needs work

Basic Approach to Information Security

The DIC Group has positioned information security as a key management priority and established a Basic Policy on Information Security, which is founded on its recognition that protecting information assets that belong to or are managed by the Group is essential to its ability to conduct business. In line with this policy, DIC has formulated and implemented confidential information management regulations and information management guidelines. The DIC Group works to ensure that directors and employees use the Group’s information assets appropriately in the course of business and appropriately handle confidential information. The Group also pursues continuous improvements by conducting internal audits to confirm current issues and identify risks.

Globally Maintaining and Enhancing Information Security

The DIC Group’s approach to information security management rests on four pillars: Regulations and guidelines, management framework, infrastructure, and employee education and training. The Group is deploying measures in Japan and across the Asia–Pacific region and is promoting similar efforts in the Americas and Europe.

Regulations and Guidelines

The DIC Group continues to update its Basic Policy on Information Security, created in 2010, confidential information management regulations, and information management guidelines regularly and as required to ensure its ability to address new security risks in a timely manner. The Group is also implementing new regulations as appropriate in response to the increasing prevalence of digital technologies. In addition, the Group has established separate rules for handling personal information and customer information in its information management guidelines, which it is working to disseminate among employees. In fiscal year 2019, the DIC Group reported no breaches of customer privacy or losses of customer data.

Management Framework

The Information Security Committee meets twice annually to determine policies and procedures for information security in each area of the DIC Group’s operations. Information security officers and managers are also appointed in each individual business group and functional unit to ensure the appropriate management and handling of important everyday information. To ensure it is prepared in the unlikely event of an information security–related incident, the Group has created a task force operational manual and periodically conducts training to ensure effective initial responses to incidents when they occur.

Infrastructure

Recognizing the importance of being prepared before and when incidents occur, and of responding promptly and appropriately in the aftermath, the DIC Group takes decisive steps to fortify its information security infrastructure. In fiscal year 2019, these included formulating a new IT infrastructure plan that encompasses cloud access security broker (CASB), mobile application management (MAM), endpoint detection and response (EDR), security information and event management (SIEM) and other new technologies, based on requirements for IT, including the active use of cloud computing, the functional evolution of smart devices, work style reform, as well as the direction of advances in these areas. During the period, the Group also sought to address increasingly diverse internet threats by introducing new cloud-based security solutions and expanding the use of the Windows 10 operating system, as well as updating security systems designed to strengthen the endpoint security of other computers.

Employee Education and Training

Since fiscal year 2017, the DIC Group has offered an annual e-learning information security program to employees in Japan and the Asia–Pacific region. In fiscal year 2019, this program was expanded to include the protection of personal information. The Group has also provided training in dealing with targeted e-mail attacks since fiscal year 2017 on an irregular basis, working continuously to ensure more practical content to increase employees’ awareness of the importance of security. In fiscal year 2019, the Group began offering information security training for employees in the Americas and Europe, where it has offered training in dealing with targeted e-mail attacks since fiscal year 2018.

Comment

We are promoting efforts to enhance information security in production departments.

General Manager, Production Planning Department, DIC Corporation Kazuyuki Okuya

In recent years, the rapid spread of AI and the Internet of Things (IoT) has resulted in an increasing diverse range of devices being connected via networks. Companies have traditionally collected and analyzed a variety of data, which has enabled them to address labor shortages by increasing factory automation, as well as to enhance the stability of product quality and increase added value. However, the momentous changes in the environment surrounding networks for directly controlling and monitoring production facilities has also brought a dramatic increase in the danger of cyber attacks and many companies have suffered considerable damage as a result.
To date, we have sought to promote partial optimization of responses on a site-specific basis, but Groupwide efforts have been insufficient on certain fronts. Against this backdrop, in September 2018 we established guidelines for security for control systems used in production. In fiscal year 2019, we began offering an e-learning program on control system security for plant general managers and group manager–level employees. In addition to strengthening administration, we are collaborating with the Information Systems Unit to standardize plant control networks with the aim of ensuring safe and secure environments and transforming our plants into smart manufacturing facilities.

General Manager, Production Planning Department, DIC Corporation Kazuyuki Okuya

Promoting Digital Transformation

Guided by its DIC111 medium-term management plan, the DIC Group is actively promoting digital transformation. Having completed preliminary preparations, effective from fiscal year 2020 DIC established the DX Promotion Department—a dedicated department charged with advancing digital transformation—within the Corporate Strategy Unit and stepped up initiatives in individual departments. Technical and production departments are promoting the use of AI technologies in product development and efforts to improve productivity. On the technical side, AI technologies facilitated a significant shortening of the development stage for a new highly heat-resistant, fast-developing novolac resin for use in the production of resists for packaging applications. In production, AI technologies have been introduced into the manufacturing processes for some products to identify factors influencing quality not discernible using conventional methods. Going forward, production departments will also begin looking at the creation of a model factory system with the goal of realizing smart production facilities. These departments will also seek to boost labor productivity beyond current levels by conducting remote monitoring and preventative maintenance of production equipment using sensors and apply VR and augmented reality (AR) in new employee training and the passing on of technologies.

VOICE

Sun Chemical’s information security system

Sun Chemical Manager, Infrastructure Chimdi Ifeakanwa Specialist, Security Infrastructure Larry Withrow Global Process Lead Ryan Vasquez

At Sun Chemical, we see firsthand the increase and complexity of cyber threats on a daily basis and understand the potential impacts on business. To ensure business continuity, we are focused on protecting our systems and data assets through people, process and technology. Our information security program’s foundation is based on the globally recognized ISO 27001 information security framework, and our strategy entails a multilayer security approach and continuous improvements based on threat intelligence and incident response. We have invested in diversified technologies such as data loss prevention solutions, the latest anti-virus software, network security solutions and so on. In addition to technology investments, we are focusing efforts on establishing a global user security awareness program to build a security-minded culture within Sun Chemical by training users how to protect themselves and the organization from cyber threats.

(From left) Sun Chemical
Manager, Infrastructure Chimdi Ifeakanwa
Specialist, Security Infrastructure Larry Withrow
Global Process Lead Ryan Vasquez

We are working to ensure and enhance information security in Southeast Asia and Oceania.

IT Manager of PT. DIC Graphics, AP - IT Helpdesk Head Revi Septiana Rachman

In addition to being in charge of the IT help desk for Southeast Asia and Oceania, I am involved in efforts to devise and firmly establish various information security measures across the region.
Ensuring internal information security is critical to the successful expansion of a company’s operations. For this reason, we must devote considerable attention to creating a framework for protecting the various types of data we handle. Accordingly, we are promoting regional infrastructure improvements with the aim of guaranteeing a superior level of data security. We are also working to deploy and firmly establish regional ICT usage and management guidelines to further improve the security of our information.

IT Manager of PT. DIC Graphics, AP - IT Helpdesk Head
Revi Septiana Rachman

Our efforts focus on enhancing information security in Southeast Asia and Oceania.

Regional Chief Information Officer, DIC Asia Pacific Pte Ltd Hidefumi Ito

I help enhance IT environments in Southeast Asia and Oceania, including maintaining and improving information security, consolidating IT infrastructure and further aligning and expanding the operational and maintenance structure of our SAP system.
Because we are in charge of overseeing subsidiaries in the region, we sought to deploy confidentialinformation management regulations, as well as information management guidelines, among regional subsidiaries. As a regional headquarters that coordinates 16 subsidiaries in 10 countries with diverse cultures and customs, we will continue working to improve information security by, among others, unifying security measures in the region.

Regional Chief Information Officer, DIC Asia Pacific Pte Ltd Hidefumi Ito

We are working to improve information security in Greater China.

DIC (China) Co., Ltd. Corporate IT Director Tylone Zhou

We are tackling the rapid development of virtualization technology and cloud computing by promoting a network integration plan in Greater China. We are also deploying the Basic Policy on Information Security, management regulations for confidential information and information management guidelines at regional subsidiaries with the aim of creating an internal management system that will ensure the security of all information. This is one of several key medium- to long-term projects and will enable us to develop global and regional information systems that meet our business needs as well as satisfy Group security requirements.

DIC (China) Co., Ltd. Corporate IT Director Tylone Zhou

TOPCS

DIC Earns Japan Institute of Information Technology Award

The Japan Institute of Information Technology (JIIT) recently awarded DIC an IT Management Award for fiscal year 2013,in recognition of its move to absorb its information systems subsidiary with the aim of ensuring effective IT governance. DIC accepted the award at JIIT’s 2014 IT Management Conference, which was held February 6–7, 2014. A representative of DIC also gave a lecture at the conference.
In Japan, it is common for companies to use information systems subsidiaries to create IT systems. The downside of this is that many companies that have spun their IT systems development departments off as affiliates now face a challenge in implementing effective IT governance groupwide. Acknowledging that realizing effective IT governance would require elevating the position of information systems operations within corporate management, DIC took the decision to absorb its information systems subsidiary and refocus resources on systems planning and engineering. The IT Management Award was in recognition of these efforts.

IT Management Award certificate

IT Management Award certificate

  • The Japan Institute of Information Technology (JIIT) is a public interest association established in July 1981 that conducts R&D on corporate applications of IT, as well as disseminates and promotes the practical implementation of its findings.
  • JIIT sponsors the Information Technology Awards (named the OA Awards until 2000), which recognize companies, institutions, operations, divisions and individuals for outstanding efforts and results in using IT to revamp operations. One of these is the IT Management Award, given to entities that have leveraged IT as an innovation tool to effect management transformation or achieve a dramatic increase in productivity.