SII has been using IT systems to further enhance the technologies of “SYO”ism that it has developed over the years. We also run many IT systems to grapple with the rapidly-changing business environment.
While digital transformation (DX) is being promoted in recent years, the threats, such as information leaks due to cyber attacks on the IT systems that support businesses and fraud using business email, are becoming more widespread and more serious.
SII continues to review and implement information security measures as a key management responsibility in order to protect and maintain the IT system as an important infrastructure.
To ensure information security, SII employees have been working as a team under a promotion framework consisting of senior management in chief executive roles based on internal regulations and various guidelines.
Information assets are evaluated and classified based on confidentiality, completeness, and availability to clarify security risks and take the necessary steps to maintain these information assets.
In addition, we are working to create a safe and stable environment by ensuring that all employees are fully aware of the importance of information security and the specific items to be observed, as well as conducting regular education and training to improve their information security literacy.
Furthermore, in order to realize diverse and flexible work styles, including telework, we are implementing multi-layered security enhancements for mobile access environments such as PCs and smartphones that are taken outside the office.
- Develop manuals for security incidents.
- Conduct training that assumes targeted e-mail attacks.
- Strengthen and review Internet security measures.
- Enhance security in telework environments
- Strengthen account authentication (multi-factor authentication).
We have established a personal information protection policy and have taken necessary safety control measures to prevent leakage, loss, damage, or falsification of personal information, including the following:
- Regular education on the protection and appropriate handling of personal information.
- Access control for employees in areas where personal data is handled and measures to prevent unauthorized access to personal data.
- Appropriate access control and other security measures when personal data is handled using information systems that include personal computers and other equipment.
- When personal data is handled by a third party in a foreign country, necessary and appropriate measures for security management based on an understanding of the system for the protection of personal data in that foreign country.