Tokai Carbon Group recognizes the importance of establishing and maintaining an appropriate risk management framework for information security, and has established a "Global Security Policy" that applies to all employees of the group. In accordance with this policy, which aims to ensure the robust protection of the information assets handled by our company and thorough compliance with relevant laws and regulations, we strive to maintain and improve information security management.
Scroll horizontally to view the whole table
Item | Contents |
---|---|
1)Scope |
・Information assets (information and IT systems) ・Our group's executives, employees, temporary staff, and IT contractors |
2) Protection of information assets |
・Establishing a security environment to continuously protect information assets from various security threats in order to ensure the confidentiality, integrity, and availability of information assets. ・Strict management of information system usage rights ・Prohibition of use of information systems for purposes other than business ・Detecting and preventing malware and other malicious software ・Minimizing the impact of disasters and security incidents, and business continuity management |
3)Compliance with laws and regulations |
・Compliance with regulations and relevant laws ・Disciplinary action based on rules of employment, etc. in the event of a violation ・Reporting information security incidents |
4)Training |
・Providing education and training on information security to employees |
Tokai Carbon has designated a department to manage and control information security, and Risk Management and Compliance Committee, a voluntary advisory committee to the Board of Directors, monitors the status of responses to measures aimed at reducing significant risks, including information security, as well as the status of incidents, and after due deliberations, reports and proposes measures to the Board of Directors.
We are continuously working to strengthen our control environment for information security.
In particular, we are strengthening the countermeasures against cyber attacks, which have been increasing in number and becoming more sophisticated in recent years, as follows:
・Regularly detect and correct vulnerabilities in IT systems and equipment
・Collect data on information system security and cybersecurity breaches
・Access control measures and malware countermeasures
・Implement Managed Detection and Response (MDR) to monitor PCs, servers, and network communications and respond promptly when abnormal or suspicious behavior is detected
・Establish emergency response plans and incident response procedures (including procedures for employees to report incidents, vulnerabilities, and suspicious cases)
We continuously provide training and conduct drills to raise employee awareness of information security.