Governance: Information Security
Initiatives for Information Asset Management
For daily business operations and smooth communication, it is extremely important to use information assets effectively. On the other hand, the risk of information being leaked or otherwise mishandled is growing due to the inappropriate management of information assets. For this reason, all personnel who handle information are required to understand the importance of information assets and manage and use them properly. In the case of an emergency, we must prevent it from becoming worse and affecting other operations, and make the greatest possible effort to maintain information security on a Group-wide basis.
Regulations are set under the “Information Asset Management Basic Policy” to protect, utilize, control, and manage information assets.
Furthermore, related rules and regulations such as “Information Asset Management Standards” stipulate the details concerning the handling, management, retention period, and discarding of all information related to our customers and suppliers. In addition, we have formulated the “Standards for Preventing Technology Leaks” in order to prevent the outflow of technologies.
We also regularly carry out training related to information asset management, check the status of compliance with the “Information Asset Management Basic Policy” and other rules, and perform internal audits. In September 2024, we revised the “Information Asset Management Basic Policy” and “Information Asset Management Standards” and applied them to Shin-Etsu Group companies in Japan and overseas.
The Shin-Etsu Chemical head office and information management local offices established in each region play a central role in confirming the storage and management status of information assets through audits of all departments throughout the company. We are working to further advance the prevention of information leaks and the organization and effective use of information.
Protection of Personal Information
In order to properly protect personal information in accordance with the Act on the Protection of Personal Information, we have established a “Privacy Policy,” which is available on our website.
We also educate our staff on laws and regulations and hold lectures regarding personal information protection in training sessions for each staff rank in order to ensure the appropriate handling and protection of personal information.
Group companies in the EU area comply with the EU’s General Data Protection Regulation (GDPR)*1, which came into force in May 2018.
*1 General Data Protection Regulation (GDPR)
The General Data Protection Regulation stipulates rules on the handling and transfer of personal information. EU member countries had their own regulations to protect personal data, and these regulations were unified under the General Data Protection Regulation in May 2018.
Cyber Security
To systematically defend against cyberattacks, we implement a perimeter (multi-layered) defense.
We have established security countermeasures at the entrance, interior, and exit of our systems, and maintain a 24/7 Security Operation Center (SOC) for monitoring. In addition, we undergo security assessments by external vendors and continuously implement necessary security measures.
- Entrance security countermeasures: Sand Box*2 etc.
- Internal security countermeasures: Access log monitoring etc.
- Exit security countermeasures: Web Access Control etc.
We have also strengthened security measures to protect important data and equipment from cyberattacks by physically and logically separating the factory automation network from the office automation network. Meanwhile, we investigate the security measures of other Group companies, requiring them to strengthen their security measures to the same level as Shin-Etsu Chemical, and providing support for doing this. In March 2024, we revised our digital utilization guidelines, which cover such areas as generative AI, translation software, stricter password policies, and cloud usage, and made them widely known to Group companies. In order to strengthen information security measures at Group companies in Japan and overseas, in September 2024 we started organizing online video conferences with each company, attended by its president and system administrator, to exchange information and confirm that operations are being carried out in accordance with the latest policies.
We invite outside experts to give lectures on cyber security. In 2024, we designated August as Cybersecurity Month, and held a lecture on the theme of “cybersecurity countermeasures,” with content that was easy for users to understand, including incident case studies and the latest cyberattack trends.
We have deployed a system to prevent targeted email attacks. In addition to measures for preventing intrusions, we are strengthening our measures for detecting and analyzing attacks. In order to raise employee awareness of security, we also conduct targeted email attack drills every year for Shin-Etsu Chemical and Group companies. E-mails simulating the latest targeted attack techniques were sent to all participants four times a year, and after the training was completed, explanatory materials on targeted attack e-mails were distributed to all participants. We provide individual training to each employee who opened the targeted e-mails at least twice during the drill.
*2 Sand Box for Mail
A virtual environment that detects programs that act like viruses when using e-mail.

(Shin-Etsu Chemical Head Office, August 2024)