Governance

Information Security

The Nissui Group retains customers' personal information in its mail-order/e-commerce business and elsewhere. Preventing the leakage or loss of such personal information, and of important information on management, business, research and other matters, is not only our corporate responsibility but also indispensable for the sustained growth of the Nissui Group. Having established the "Information Security Subcommittee" under the Risk Management Committee, we execute information security management thoroughly by putting regulations and rules in place, including the "Basic Policy on Information Security," enhancing the system administration framework, and periodically conducting education and training for employees.


Basic Policy on Information Security


Privacy & Policy


Promotion Framework - The Information Security Subcommittee

The Information Security Subcommittee, which is aimed at enhancing the information security level of Nissui and its Group companies in Japan, is convened four times a year. The Subcommittee is chaired by an Executive Officer designated by the President & CEO and its members consist of the Executive Officer (in charge of risk management) and the respective heads of departments centering on the Corporate Administration Group. Its main activities involve the formulation and progress management of various measures to make the Basic Policy on Information Security function effectively, as well as the execution of procedures to deal with information security risks that have newly arisen.

[Figure] Information Security Subcommittee
Risk Management Committee
  • Chair: President & CEO
  • Members: All of the Executive Officers
  • Secretariat: General Affairs Department
  • Report to: Board of Directors
  • Holding frequency: Four times a year
Information Security Subcommittee
  • Chair: Executive Officer appointed by the Chair of the Risk Management Committee
  • Members: Executive Officer (In charge of Risk Management), General Managers Centered on the Corporate Administration Group
  • Secretariat: ICT Department
  • Holding frequency: Four times a year

Initiatives to Enhance Information Security

Initiatives Targeted at Nissui Corporation

We make the information security rules widely known to all employees and conduct information security education and training at least once a year. In addition, a security audit is conducted periodically (once a year) at business locations where important information is retained.

FY2022 Results
| Category of Initiatives | Description of Initiatives | Coverage | Results |
|---|---|---|---|
| Education | Training aimed at newly-assigned employees to help them understand basic security principles | New graduates/experienced hires | Face-to-face/online training: Twice |
| Education | Training to raise information security awareness and promote internal rules | Executives/employees | E-learning: Once (participation rate: 94.2%) |
| Education | Security awareness training for employees who handle personal customer information | Departments handling customer personal information | E-learning: Once (participation rate: 100.0%) |
| Education | Test aimed at determining understanding of internal rules that leads to more efficient training | Executives/employees | E-learning: Once (participation rate: 97.5%) |
| Training | Training aimed at building resilience to targeted attacks by email | Executives/employees | Twice |
| Training | Training to develop information security incident response capabilities | Members of the Information Security Subcommittee and related parties | Once |
| Audit | Audit to understand and improve security conditions at sites that retain critical information | Umi no Genki Club online shop | In FY2022, conducted system audit for renewal of online shop. Once (Evaluation: no irregularities) |

Initiatives Targeted at Group Companies in Japan

Standards to be achieved have been set in three fields (policy formulation, technical measures and personnel measures) in order to bring security to an even level across the Group in Japan. We encourage all group companies in Japan to achieve the standards and to continue improving their security levels by running the PDCA improvement cycle, in order to deal with security risks that are becoming more serious year by year.

Conference of IT Divisions of the Nissui Group in Japan

A conference for the persons in charge of the IT divisions in the Group is held each year to deliberate the medium- to long-term direction for promoting the adoption of information technology (IT) in the Group. At the conference, participants exchange opinions on IT in general, including such topics as information security measures, utilization of cutting-edge technologies, and consideration of system adoption. In terms of information security, participants share the latest trends in threats and the status of information security measures taken at each Group company, identify information security issues that the Group should tackle in the medium- to long-term, and bring their views together on countermeasures.
