Information Security

Goals and Achievements of Major Initiatives

Establish a global information security framework.

Goals for fiscal year 2020
  • Prepare and reinforce guidelines for the use of cloud-based services and cloud computing.
  • Strengthen the security environment for mobile devices and investigate and assess technologies for integrating information and execution network technologies.
  • Formulate and strengthen information security rules and frameworks, provide training and encourage awareness in a manner that responds to new information security threats and risks.
  • Create an emergency response system to address incidents when they occur.
Achievements in fiscal year 2020
  • A thorough evaluation was conducted and directions were prepared to guide decisions regarding the use of cloud-based services.
  • Standard mobile devices were provided and the communications infrastructure improved to accommodate the rapidly expanding use of telework arrangements.
  • Endpoint security systems for computers and other devices were updated.
Evaluation ★★
Goals for fiscal year 2021
  • Reinforce the security infrastructure and set or update various standards in preparation for the full-scale transition to a cloud-based information system.
Note: Evaluations are based on self-evaluations of current progress.
Key: ★★★ = Excellent; ★★ = Satisfactory; ★ = Still needs work

Basic Approach to Information Security

The DIC Group has positioned information security as a key management priority and established a Basic Policy on Information Security, which is founded on its recognition that protecting information assets that belong to or are managed by the Group is essential to its ability to conduct business. In line with this policy, DIC has formulated and implemented confidential information management regulations and information management guidelines. The DIC Group works to ensure that directors and employees use the Group’s information assets appropriately in the course of business and appropriately handle confidential information. The Group also pursues continuous improvements by conducting internal audits to confirm current issues and identify risks.

Globally Maintaining and Enhancing Information Security

The DIC Group’s approach to information security management rests on four pillars: regulations and guidelines, management framework, infrastructure, and employee education and training. The Group is deploying measures in Japan and across the Asia–Pacific region and is promoting similar efforts in the Americas and Europe.

Regulations and Guidelines

In line with its Basic Policy on Information Security, the DIC Group updates its confidential information management regulations, which stipulate the scope of management, related standards, rules and responsibilities, as well as its information management guidelines, which outline implementation procedures, on a regular basis and as required to ensure its ability to address new security risks in a timely manner.
The Group also creates new and revises existing rules as appropriate in response to the increasing prevalence of digital technologies and the shift to cloud-based computing. In addition, the Group has established separate rules for handling personal information and customer information in its information management guidelines, which it is working to disseminate among employees. In fiscal year 2020, the DIC Group reported no breaches of customer privacy or losses of customer data.

Management Framework

The Information Security Committee, which is led by the chief information officer (CIO), meets regularly (twice annually) as part of a system to facilitate the timely update of rules and guidelines to accommodate new technologies and risks, and to ensure changes are communicated effectively across the DIC Group. The committee formulates annual targets and initiatives for strengthening information security with the approval of the Sustainability Committee and manages the progress of related efforts.
To ensure it is prepared in the unlikely event of an information security–related incident, the Group has created a task force operational manual to ensure effective initial responses to incidents when they occur.

Infrastructure

In preparation for the full-scale transition to a cloud-based information system and the expanded use of telework arrangements, in fiscal year 2020 the DIC Group took steps to reinforce its internet security infrastructure and updated endpoint security systems. The Group also proceeded with the construction of a maintenance system to promptly detect information security risks and address incidents when they occur in collaboration with an external partner.
On another front, the DIC Group continued to have its information security management system, regulations, infrastructure, maintenance measures, and employee education and training inspected by a third-party organization. This helps to clarify issues and challenges and ensure they are reflected in remedial measures.

Employee Education and Training

The DIC Group offers an annual e-learning information security program to employees in Japan and the Asia–Pacific region, in which 90% of eligible employees take part. In fiscal year 2019, this program was broadened to include the protection of personal information. The Group has also provided training dealing with targeted email attacks since fiscal year 2017, working continuously to ensure more practical content to increase employees’ awareness of security. The Group has offered employee training in both information security and in dealing with targeted email attacks in the Americas and Europe since fiscal year 2018.
In response to the emergence of a “new normal” in fiscal year 2020 and the expanded use of telework arrangements, the DIC Group is currently formulating guidelines that accommodate various work styles, which it will work to disseminate across the Group.

Comment

We are promoting efforts to enhance information security in production departments.

General Manager, Production Planning Department, DIC Corporation Kazuyuki Okuya

In recent years, the rapid spread of AI and the Internet of Things (IoT) has resulted in an increasingly diverse range of devices being connected via networks. Companies have traditionally collected and analyzed a variety of data, which has enabled them to address labor shortages by increasing factory automation, as well as to enhance the stability of product quality and increase added value. However, the momentous changes in the environment surrounding networks for directly controlling and monitoring production facilities have also brought a dramatic increase in the danger of cyber attacks and many companies have suffered considerable damage as a result.
To date, we have sought to promote partial optimization of responses on a site-specific basis, but Groupwide efforts have been insufficient on certain fronts. Against this backdrop, in September 2018 we established guidelines for security for control systems used in production. In fiscal year 2019, we began offering an e-learning program on control system security for plant general managers and group manager–level employees. In addition to strengthening administration, we are collaborating with the Information Systems Unit to standardize plant control networks with the aim of ensuring safe and secure environments and transforming our plants into smart manufacturing facilities.


Promoting Digital Transformation

Guided by its DIC111 medium-term management plan, the DIC Group is actively promoting digital transformation. Having completed preliminary preparations, effective from fiscal year 2020 DIC established the DX Promotion Department—a dedicated department charged with advancing digital transformation—within the Corporate Strategy Unit and stepped up initiatives in individual departments. Technical and production departments are promoting the use of AI technologies in product development and efforts to improve productivity. On the technical side, AI technologies facilitated a significant shortening of the development stage for a new highly heat-resistant, fast-developing novolac resin for use in the production of resists for packaging applications. In production, AI technologies have been introduced into the manufacturing processes for some products to identify factors influencing quality not discernible using conventional methods. Going forward, production departments will also begin looking at the creation of a model factory system with the goal of realizing smart production facilities. These departments will also seek to boost labor productivity beyond current levels by conducting remote monitoring and preventative maintenance of production equipment using sensors and apply VR and augmented reality (AR) in new employee training and the passing on of technologies.

VOICE

Sun Chemical’s information security system

Sun Chemical: Manager, Infrastructure Chimdi Ifeakanwa; Specialist, Security Infrastructure Larry Withrow; Global Process Lead Ryan Vasquez

At Sun Chemical, we see firsthand the increase and complexity of cyber threats on a daily basis and understand the potential impacts on business. To ensure business continuity, we are focused on protecting our systems and data assets through people, process and technology. Our information security program’s foundation is based on the globally recognized ISO 27001 information security framework, and our strategy entails a multilayer security approach and continuous improvements based on threat intelligence and incident response. We have invested in diversified technologies such as data loss prevention solutions, the latest anti-virus software, network security solutions and so on. In addition to technology investments, we are focusing efforts on establishing a global user security awareness program to build a security-minded culture within Sun Chemical by training users how to protect themselves and the organization from cyber threats.


We are working to ensure and enhance information security in Southeast Asia and Oceania.

IT Manager of PT. DIC Graphics, AP - IT Helpdesk Head Revi Septiana Rachman

In addition to being in charge of the IT help desk for Southeast Asia and Oceania, I am involved in efforts to devise and firmly establish various information security measures across the region.
Ensuring internal information security is critical to the successful expansion of a company’s operations. For this reason, we must devote considerable attention to creating a framework for protecting the various types of data we handle. Accordingly, we are promoting regional infrastructure improvements with the aim of guaranteeing a superior level of data security. We are also working to deploy and firmly establish regional ICT usage and management guidelines to further improve the security of our information.


Our efforts focus on enhancing information security in Southeast Asia and Oceania.

Regional Chief Information Officer, DIC Asia Pacific Pte Ltd Hidefumi Ito

I help enhance IT environments in Southeast Asia and Oceania, including maintaining and improving information security, consolidating IT infrastructure and further aligning and expanding the operational and maintenance structure of our SAP system.
Because we are in charge of overseeing subsidiaries in the region, we sought to deploy confidential information management regulations, as well as information management guidelines, among regional subsidiaries. As a regional headquarters that coordinates 16 subsidiaries in 10 countries with diverse cultures and customs, we will continue working to improve information security by, among others, unifying security measures in the region.


We are working to improve information security in Greater China.

DIC (China) Co., Ltd. Corporate IT Director Tylone Zhou

We are tackling the rapid development of virtualization technology and cloud computing by promoting a network integration plan in Greater China. We are also deploying the Basic Policy on Information Security, management regulations for confidential information and information management guidelines at regional subsidiaries with the aim of creating an internal management system that will ensure the security of all information. This is one of several key medium- to long-term projects and will enable us to develop global and regional information systems that meet our business needs as well as satisfy Group security requirements.


TOPICS

DIC Earns Japan Institute of Information Technology Award

The Japan Institute of Information Technology (JIIT) recently awarded DIC an IT Management Award for fiscal year 2013, in recognition of its move to absorb its information systems subsidiary with the aim of ensuring effective IT governance. DIC accepted the award at JIIT’s 2014 IT Management Conference, which was held February 6–7, 2014. A representative of DIC also gave a lecture at the conference.
In Japan, it is common for companies to use information systems subsidiaries to create IT systems. The downside of this is that many companies that have spun their IT systems development departments off as affiliates now face a challenge in implementing effective IT governance groupwide. Acknowledging that realizing effective IT governance would require elevating the position of information systems operations within corporate management, DIC took the decision to absorb its information systems subsidiary and refocus resources on systems planning and engineering. The IT Management Award was in recognition of these efforts.

IT Management Award certificate


  • The Japan Institute of Information Technology (JIIT) is a public interest association established in July 1981 that conducts R&D on corporate applications of IT, as well as disseminates and promotes the practical implementation of its findings.
  • JIIT sponsors the Information Technology Awards (named the OA Awards until 2000), which recognize companies, institutions, operations, divisions and individuals for outstanding efforts and results in using IT to revamp operations. One of these is the IT Management Award, given to entities that have leveraged IT as an innovation tool to effect management transformation or achieve a dramatic increase in productivity.