Information Security

Goals and Achievements of Major Initiatives

Establish a global information security framework.

Goals for fiscal year 2021 Reinforce the security infrastructure and set or update various standards in preparation for the full-scale transition to a cloud-based information system.
Achievements in fiscal year 2021
  • Efforts to reinforce the security infrastructure to improve convenience while ensuring security in remote access environments were completed.
  • Site networks were strengthened and expanded in response to the expansion of remote and hybrid work arrangements.
  • An information security risk assessment was conducted by a third-party organization. The effectiveness of steps taken in response to the expansion of cloud-based information systems and diverse work styles, including remote work, was confirmed and a road map was devised based on an analysis of risks.
Evaluation ★★
Goals for fiscal year 2022 In light of the results of the information security risk assessment, formulate and implement security measures, BCPs and emergency response drills appropriate for a cloud-based information system.
  • Evaluations are based on self-evaluations of current progress.
    Key: ★★★= Excellent; ★★ = Satisfactory; ★= Still needs work

Basic Approach to Information Security

The DIC Group has positioned information security as a key management priority and established a Basic Policy on Information Security, which is founded on its recognition that protecting information assets that belong to or are managed by the Group is essential to its ability to conduct business. In line with this policy, DIC has formulated and implemented confidential information management regulations and information management guidelines. The DIC Group works to ensure that directors and employees use the Group’s information assets appropriately in the course of business and appropriately handle confidential information. The Group also pursues continuous improvements by conducting internal audits to confirm current issues and identify risks.

Globally Maintaining and Enhancing Information Security

The DIC Group’s approach to information security management rests on four pillars: Regulations and guidelines, management framework, infrastructure, and employee education and training. To ensure swift responses to increasingly diverse cyber threats, the Group currently plans to deploy measures implemented in Japan to reinforce information security by enhancing its intranet security infrastructure and updating endpoint security systems in key overseas markets (the Asia–Pacific region, the PRC, Taiwan and the ROK.)

Regulations and Guidelines

In line with its Basic Policy on Information Security, the DIC Group updates its confidential information management regulations, which stipulate the scope of management and related standards, rules and responsibilities, as well as its information management guidelines, which outline implementation procedures, on a regular basis and as required to ensure its ability to address new security risks in a timely manner.
The Group also creates new and revises existing rules as appropriate in response to the increasing prevalence of digital technologies and the shift to cloud-based computing. In fiscal year 2021, in response to widespread moves to discontinue the practice of sending password-protected encrypted attachments in an email and then sending a password to unzip the file in a second email (dubbed “PPAP”*), a security measure previously popular with Japanese companies, the Group revised related measures and corresponding guidelines. Enforcement of the new measures and guidelines commenced in January 2022.

  • PPAP is an acronym for “Password-protected file,” “Password,” “Angoka (“encryption” in Japanese) and Protocol.” Japanese companies have been encouraged to discontinue the practice for security reasons.

Management Framework

The Information Security Committee, which is led by the head of the IT strategy unit, meets regularly (twice annually) as part of a system to facilitate the timely update of rules and guidelines to accommodate new technologies and risks, and to ensure changes are communicated effectively across the DIC Group. The committee formulates annual targets and initiatives for strengthening information security with the approval of the Sustainability Committee and manages the progress of related efforts. The Group is currently exploring the idea of establishing a system for ensuring information security for the entire global DIC Group, including Sun Chemical.

Infrastructure

Against a backdrop of increasingly active and sophisticated cyber attacks, including ransomware and targeted threats, the DIC Group is working to respond to rapid changes in working environments attributable to work style reforms, including the expansion of remote work and the increased use of cloud-based services. In fiscal year 2021, the Group contracted a third-party organization to conduct a risk assessment to evaluate the effectiveness and comprehensiveness of its information security measures from a multifaceted perspective. Based on the results of this assessment, the Group will formulate a road map for information security with the aim of responding flexibly and appropriately to emerging cyber risks, thereby permanently reducing risks to its businesses and management.

Employee Education and Training

The DIC Group offers an information security e-learning program to employees in Japan, the Asia–Pacific region, and the Americas and Europe, in which more than 90% of eligible employees take part. The Group also provides training dealing with targeted email attacks to increase employees’ awareness of security. In response to the post-pandemic “new normal,” the Group is currently formulating guidelines that accommodate new work styles, notably telework, which it will work to disseminate to employees worldwide.

Comment

We are promoting efforts to enhance information security in production departments.

General Manager, Production Planning Department, DIC Corporation Kazuyuki Okuya

In recent years, the rapid spread of AI and the Internet of Things (IoT) has resulted in an increasing diverse range of devices being connected via networks. Companies have traditionally collected and analyzed a variety of data, which has enabled them to address labor shortages by increasing factory automation, as well as to enhance the stability of product quality and increase added value. However, the momentous changes in the environment surrounding networks for directly controlling and monitoring production facilities has also brought a dramatic increase in the danger of cyber attacks and many companies have suffered considerable damage as a result.
To date, we have sought to promote partial optimization of responses on a site-specific basis, but Groupwide efforts have been insufficient on certain fronts. Against this backdrop, in September 2018 we established guidelines for security for control systems used in production. In fiscal year 2019, we began offering an e-learning program on control system security for plant general managers and group manager–level employees. In addition to strengthening administration, we are collaborating with the Information Systems Unit to standardize plant control networks with the aim of ensuring safe and secure environments and transforming our plants into smart manufacturing facilities.

General Manager, Production Planning Department, DIC Corporation Kazuyuki Okuya

Promoting Digital Transformation

Guided by its DIC111 medium-term management plan, the DIC Group is actively promoting digital transformation. Having completed preliminary preparations, effective from fiscal year 2020 DIC established the DX Promotion Department—a dedicated department charged with advancing digital transformation—within the Corporate Strategy Unit and stepped up initiatives in individual departments. Technical and production departments are promoting the use of AI technologies in product development and efforts to improve productivity. On the technical side, AI technologies facilitated a significant shortening of the development stage for a new highly heat-resistant, fast-developing novolac resin for use in the production of resists for packaging applications. In production, AI technologies have been introduced into the manufacturing processes for some products to identify factors influencing quality not discernible using conventional methods. Going forward, production departments will also begin looking at the creation of a model factory system with the goal of realizing smart production facilities. These departments will also seek to boost labor productivity beyond current levels by conducting remote monitoring and preventative maintenance of production equipment using sensors and apply VR and augmented reality (AR) in new employee training and the passing on of technologies.

VOICE

Sun Chemical’s information security system

Sun Chemical Manager, Infrastructure Chimdi Ifeakanwa Specialist, Security Infrastructure Larry Withrow Global Process Lead Ryan Vasquez

At Sun Chemical, we see firsthand the increase and complexity of cyber threats on a daily basis and understand the potential impacts on business. To ensure business continuity, we are focused on protecting our systems and data assets through people, process and technology. Our information security program’s foundation is based on the globally recognized ISO 27001 information security framework, and our strategy entails a multilayer security approach and continuous improvements based on threat intelligence and incident response. We have invested in diversified technologies such as data loss prevention solutions, the latest anti-virus software, network security solutions and so on. In addition to technology investments, we are focusing efforts on establishing a global user security awareness program to build a security-minded culture within Sun Chemical by training users how to protect themselves and the organization from cyber threats.

(From left) Sun Chemical
Manager, Infrastructure Chimdi Ifeakanwa
Specialist, Security Infrastructure Larry Withrow
Global Process Lead Ryan Vasquez

TOPCS

DIC Earns Japan Institute of Information Technology Award

The Japan Institute of Information Technology (JIIT) recently awarded DIC an IT Management Award for fiscal year 2013,in recognition of its move to absorb its information systems subsidiary with the aim of ensuring effective IT governance. DIC accepted the award at JIIT’s 2014 IT Management Conference, which was held February 6–7, 2014. A representative of DIC also gave a lecture at the conference.
In Japan, it is common for companies to use information systems subsidiaries to create IT systems. The downside of this is that many companies that have spun their IT systems development departments off as affiliates now face a challenge in implementing effective IT governance groupwide. Acknowledging that realizing effective IT governance would require elevating the position of information systems operations within corporate management, DIC took the decision to absorb its information systems subsidiary and refocus resources on systems planning and engineering. The IT Management Award was in recognition of these efforts.

IT Management Award certificate

IT Management Award certificate

  • The Japan Institute of Information Technology (JIIT) is a public interest association established in July 1981 that conducts R&D on corporate applications of IT, as well as disseminates and promotes the practical implementation of its findings.
  • JIIT sponsors the Information Technology Awards (named the OA Awards until 2000), which recognize companies, institutions, operations, divisions and individuals for outstanding efforts and results in using IT to revamp operations. One of these is the IT Management Award, given to entities that have leveraged IT as an innovation tool to effect management transformation or achieve a dramatic increase in productivity.