Fiscal 2019 CSR Activity Report - Risk Management

Addressing Information Security Risks

Governance

Addressing Information Security Risks

Toray Group has formulated its Confidential Information Management Regulations and Regulations for the Management of Personal Information for the purpose of protecting confidential information and personal information owned by the Group and of appropriately managing the confidential information and personal information entrusted by suppliers and stored by the Group.
Based on these regulations, the Group established the Corporate Information Security Officer as the officer responsible for the entire Group. The Corporate Information Security Officer discusses and coordinates measures related to enhancing information security with related departments, and promotes their deployment. Under the Corporate Information Security Officer, the Group is working to enhance information security by defining the roles and responsibilities of each division and department, and by establishing an Information Security Committee in each department for their promotion.
In terms of the electronic information security sector, which has been faced with growing risk of late, the Group formulated the Electronic Information Security Standards based on the Confidential Information Management Regulations in order to appropriately manage intellectual property and to implement measures designed to prevent information leaks.
Moreover, each group company formulates basic rules in accordance with regulations and standards of Toray Industries, Inc., and promotes measures related to information security.

Combating Cyber Attacks

Along with thoroughly implementing and enhancing existing initiatives, such as standardizing and automating the settings and security measures of PCs owned by the Group, Toray Group is taking steps that include analyzing and monitoring the content of communications.
Because simply taking steps against increasingly sophisticated cyber-attacks from the stance of IT is insufficient, the Group also enhances education and training initiatives, which include conducting suspicious e-mail response training for all employees.

Prevent Employees from Leaking Confidential Information

In addition to providing information security education for all employees on an annual basis, Toray Group conducts grade-specific training for employees, including new employees and newly appointed managers, in aims of improving security awareness and skill-levels.
Before removing a computer or smartphone from an office, for example, employees must receive permission from a manager, and the actual device must be inspected monthly. Moreover, the Group has established approaches to dealing with the loss of such devices and other similar incidents, and has built mechanisms to minimize damage thereof.