Information Security

Basic Policy on Information Security

Concept

Improved information security helps to maintain the trust invested in us by our clients, and also contributes to the stability of society at large. The Nitto Group adheres to the principle of “actions based on laws and ethics,” and discharges its responsibilities to society through our information security management activities.

Standards of Conduct

  1. Information security management system
    The Nitto Group will create an information security management system, aiming for sustained improvements in information security.
  2. Risk prevention and reduction
    The Nitto Group will evaluate information-based risks, establish information security objectives, and execute planned measures to prevent and reduce the occurrence of risks.
  3. Technical measures
    The Nitto Group will implement technical measures with the aim of protecting information.
  4. Organizational measures
    The Nitto Group will promote information security measures in all areas of our business activities.
  5. Compliance with laws
    The Nitto Group will comply with all laws, restrictions, conventions, and internal standards pertaining to information security.
  6. Education
    The Nitto Group will spare no effort in the area of education, training, and public relations exercises regarding information security. We will ensure that all employees are aware of and fully understand the Basic Information Security Policy.
  7. Audits
    The Nitto Group will conduct regular information security audits, with the aim of maintaining and increasing the level of information security.

Basic Approach

Information systems play a vital role in all aspects of the Nitto Group’s business activities. Meanwhile, cyber-attacks are becoming more sophisticated, and human risks such as internal misconduct and negligence are also increasing. In accordance with its Basic Policy on Information Security, the Nitto Group monitors trends in information security threats and takes appropriate measures to address the risks posed by information system failures and the alteration, loss, or leakage of technical information, customer information, transaction information, personal information, and other information as a result of unauthorized access. In doing so, we strive to ensure the confidentiality, integrity, and availability of information and improve the safety of our business operations.

Management Framework

In accordance with its Basic Policy on Information Security, and in order to conduct business activities with consideration for information security, the Nitto Group has established a governance system centered on the Corporate Strategy Meeting under the direction and supervision of the Board of Directors, with the President and CEO assuming ultimate responsibility. This system is designed to formulate and implement short-, medium-, and long-term strategies. In addition, to undertake activities across the entire Nitto Group, we have established an Information Security Committee chaired by a Group Information Security Officer appointed by the President and CEO. This committee is responsible for establishing information security regulations, sharing information on information security matters, and developing guidelines for new technologies and fields. This structure enables us to monitor the status of information security management and risks across the entire Group and to rapidly deploy and continually improve various measures to strengthen information security. In addition, we are strengthening our management framework through monitoring by the specialized departments and special function departments in charge of risk management, as well as regular internal audits by an independent department in charge of internal audits.

Initiatives

1. Technical Measures

To protect information assets from cyber-attacks, we have implemented various security measures, including multi-layered protection and the establishment of a CSIRT, a body responsible for early detection and response. In addition, we regularly conduct vulnerability assessments of our information systems and make improvements to resolve any problems that are detected.

2. Employee Training

Protecting information belonging to Nitto, as well as to our customers and partners, from internal and external threats requires not only the establishment of rules and technical measures but also a high level of awareness and responsiveness to information security on the part of every employee.

Nitto is working to improve information security literacy and awareness among employees by conducting annual information security education and workplace training, as well as periodic drills simulating targeted email attacks, for all employees, including company officers.

3. Response to Information Security Incidents

Employees who discover an information security incident or a potentially dangerous situation (such as vulnerabilities or suspicious behavior that could lead to an incident) shall report it promptly to the reporting and consultation desk and relevant departments, in accordance with the response procedures, and take appropriate measures.

In addition, as part of the Nitto Group's business continuity management (BCM) activities, we have established a business continuity plan (BCP) for information security and conduct regular training accordingly.