Information Security
Basic ideas and policies
Resonac has established information security rules to be applied across the Group, both in Japan and outside the country, to maintain and improve its level of information security. We handle our own information assets and those entrusted to us by those outside the company in strict compliance with the rules. We thereby protect such information assets from various threats and treat them appropriately regarding information security.
Management system
We have a department devoted to information management and protection, have established an information security system to be operated organizationally on a company-wide basis, and have clarified the roles and responsibilities to be fulfilled under the system. Moreover, we regularly evaluate our information security management system and measures for continuous improvement so that we can respond to changes in the management environment and society at large and ensure compliance with various laws and regulations with regard to information security.
Regular updates on the information risk management situation are provided to management.
Strategy
To properly manage our own information assets and those entrusted to us by other parties, we will build, implement, maintain and continuously improve a global system to promptly detect and deal with threats posed to such assets to minimize the potential for harm. To this end, we will reference the global security framework, introduce globally standardized processes and security solutions to our domestic and overseas business locations, educate our employees, and regularly monitor compliance with the framework.
Targets
We will appropriately manage our company’s information assets and those entrusted to us by other parties, establish and operate a global early detection and response system to minimize the damage caused by various threats, and continuously maintain and improve the system.
Employee education
We provide all employees in and outside Japan with e-learning opportunities, including training with regard to targeted e-mail attacks, with a view toward helping them to increase their information security awareness and prepare against more sophisticated strikes.
Management of outsourcing companies
Before outsourcing operations to other companies, we check their information security risk-related education, enlightenment and initiative levels to confirm that they are on par with the Resonac Group in terms of information security.