The Nissui Group retains the personal information of customers in its mail-order/e-commerce business, etc. It is not only our corporate responsibility but also indispensable for the sustained growth of the Nissui Group to prevent the leakage/loss of such personal information and important information on management, business, research, etc. Having established the "Information Security Subcommittee" under the Risk Management Committee, we are executing information security management in a thoroughgoing manner by putting regulations and rules in place, including the "Basic Policy on Information Security," enhancing the system administration framework and periodically conducting education and training for employees.
The Information Security Subcommittee, which is aimed at enhancing the information security level of Nissui and its Group companies in Japan, is convened four times a year. The Subcommittee is chaired by an Executive Officer designated by the President & CEO and its members consist of the Executive Officer (in charge of risk management) and the respective heads of departments centering on the Corporate Administration Group. Its main activities involve the formulation and progress management of various measures to make the Basic Policy on Information Security function effectively, as well as the execution of procedures to deal with information security risks that have newly arisen.
With respect to all employees, we make the information security rules widely known and conduct information security education and training at least once a year. Also, a security audit is conducted periodically—i.e., once a year—at business locations where important information is retained.
Category of Initiatives | Description of Initiatives | Coverage | Results |
---|---|---|---|
Education | Training aimed at newly-assigned employees to help them understand basic security principles | New graduates/experienced hires | Face-to-face/online training: Twice |
Training to raise information security awareness and promote internal rules | Executives/employees | E-learning: Once (participation rate: 94.2%) | |
Security awareness training for employees who handle personal customer information | Departments handling customer personal information | E-learning: Once (participation rate: 100.0%) | |
Test aimed at determining understanding of internal rules that leads to more efficient training | Executives/employees | E-learning: Once (participation rate: 97.5%) | |
Training | Training aimed at building resilience to targeted attacks by email | Executives/employees | Twice |
Training to develop information security incident response capabilities | Members of the Information Security Subcommittee and related parties | Once | |
Audit | Audit to understand and improve security conditions at sites that retain critical information | Umi no Genki Club online shop | In FY2022, conducted system audit for renewal of online shop Once (Evaluation: no irregularities) |
Standards to be achieved had been set in three fields—i.e., policy formulation, technical measures and personnel measures—for the purpose of evening out the security level across the Group in Japan. We encourage all group companies in Japan to achieve the standards and continue to improve their security levels while rotating the PDCA improvement cycle, in order to deal with the security risks that are becoming more serious year by year.
For the purpose of deliberating the direction of promoting the adoption of information technology (IT) in the Group in the medium- to long-term, a conference targeted at the respective persons in charge of IT divisions in the Group is held each year. At the conference, participants exchange opinions on IT in general, including such topics as information security measures, utilization of cutting-edge technologies, and consideration of system adoption. In terms of information security, participants share the latest trends in threats and the status of information security measures taken at each Group company, identify information security issues that should be tackled by the Group in the medium- to long-term and bring their views together with respect to the countermeasures.