The Nissui Group retains the personal information of customers in its mail-order/e-commerce business, etc. It is not only our corporate responsibility but also indispensable for the sustained growth of the Nissui Group to prevent the leakage/loss of such personal information and important information on management, business, research, etc. Having established the "Information Security Subcommittee" under the Risk Management Committee, we are executing information security management in a thoroughgoing manner by putting regulations and rules in place, including the "Basic Policy on Information Security," enhancing the system administration framework and periodically conducting education and training for employees.
The Information Security Subcommittee, which is aimed at enhancing the information security level of Nissui and its Group companies in Japan, is convened four times a year. The Subcommittee is chaired by an Executive Officer designated by the President & CEO and its members consist of the Executive Officer (in charge of risk management) and the respective heads of departments centering on the Corporate Administration Group. Its main activities involve the formulation and progress management of various measures to make the Basic Policy on Information Security function effectively, as well as the execution of procedures to deal with information security risks that have newly arisen.
With respect to all employees, we make the information security rules widely known and conduct information security education and training at least once a year. Also, a security audit is conducted periodically—i.e., once a year—at business locations where important information is retained.
|Category of Initiatives||Description of Initiatives||Coverage||Frequency|
|Education||Implement learning and tests in e-learning format||All employees of Nippon Suisan Kaisha, Ltd. (Nissui)||At least once a year|
|Training||Hold a pseudo-attack email drill||Same as above||At least once a year|
|Audit||Conduct a security audit at business locations where important information is retained||Business locations where customers' personal information, research information, etc. is retained||Once a year|
Standards to be achieved had been set in three fields—i.e., policy formulation, technical measures and personnel measures—for the purpose of evening out the security level across the Group in Japan, and 30 out of 37 Group companies in Japan achieved these standards as of March 31, 2022.
For the purpose of deliberating the direction of promoting the adoption of information technology (IT) in the Group in the medium- to long-term, a conference targeted at the respective persons in charge of IT divisions in the Group is held each year. At the conference, participants exchange opinions on IT in general, including such topics as information security measures, utilization of cutting-edge technologies, and consideration of system adoption. In terms of information security, participants share the latest trends in threats and the status of information security measures taken at each Group company, identify information security issues that should be tackled by the Group in the medium- to long-term and bring their views together with respect to the countermeasures.