CSR Activity Report (CSR Guideline Activity Reports) - Risk Management
Addressing Information Security Risks
Toray Group has formulated its Confidential Information Management Regulations and Regulations for the Management of Personal Information for the purpose of protecting confidential information and personal information owned by the Group and of appropriately managing the confidential information and personal information entrusted by suppliers and stored by the Group.
Based on these regulations, Toray Industries, Inc. established the position of Corporate Information Security Officer (held by the Senior Vice President, General Administration & Communications Division) as the officer responsible for the Toray Industries.
The Corporate Information Security Officer discusses and coordinates measures related to enhancing information security with related departments, and promotes their deployment. Under the Corporate Information Security Officer, the Group is working to enhance information security by defining the roles and responsibilities of each division and department, and by establishing an Information Security Committee in each department for their promotion.
In the area of electronic information security, where risks have been growing of late, the Group formulated the Electronic Information Security Standards based on the Confidential Information Management Regulations in order to appropriately manage intellectual property and to implement measures designed to prevent information leaks.
Each group company in and outside Japan formulates basic rules in accordance with the regulations and standards of Toray Industries, Inc., and promotes measures related to information security. Moreover, information security has been included in the fifth three-year set of priority risks for Toray Group (fiscal 2021–2023), and more comprehensive initiatives will be taken group-wide. The plan for and progress regarding priority risks are reported to the Board of Directors on a regular basis.
Combating Cyber Attacks
Toray Group is taking the following initiatives to respond to today’s increasingly sophisticated cyberattacks.
- Thoroughly implementing and enhancing existing initiatives
  - Standardizing and automating the settings and security measures of PCs owned by the Group
- Enhancing network security
  - (1) Constant monitoring and analysis of communications between the outside (Internet) and the corporate network, and within the corporate network
  - (2) Periodic expert vulnerability assessments of connections with the outside (Internet) and reviews of appropriate responses
- Enhancing education and training
Because IT measures alone may not be sufficient to address today’s increasingly sophisticated cyberattacks, the Group also conducts education through regular e-learning (once a year) and several unannounced rounds of suspicious e-mail response training for all employees.
Prevent Employees from Leaking Confidential Information
In addition to providing information security education for all employees on an annual basis, Toray Group conducts grade-specific training for employees, including new employees and newly appointed managers, with the aim of improving security awareness and skill levels. At the same time, an e-mail magazine is sent out regularly and a series on information security is carried in an in-house magazine to encourage the improvement of information security literacy among all employees.
Before removing a computer or smartphone from an office, for example, employees must receive permission from a manager. In addition, the actual device must be inspected monthly, and an inventory of assets is taken once every six months. Moreover, the Group has established approaches to dealing with the loss of such devices and other similar incidents, and has built mechanisms to minimize the resulting damage.