The director in charge of the Information System Dept. serves as the Chief Administrator to ensure information security. We also have our Information Security Committee chaired by the Chief Administrator with an eye to increasing the effectiveness of our information security management and reducing security risks regarding the NGK SPARK PLUG Group’s information assets through the concerted effort of the management team and on-site workers. We foster appropriate measures by checking how information security activities are conducted across the Group.
For confidentiality management, we have a working group on confidentiality management that reports to the Risk Management Committee. The working group is tasked with identifying and reducing the risks related to the management of confidential information and protection of personal information.
We are in the process of establishing an information security management system. In 2020, we obtained TISAX (Trusted Information Security Assessment Exchange) certification, an information security assessment standard for the automotive industry supply chain.
We are continuously implementing measures to deal with the types of information security risks that pose a threat to companies and other organizations. In response to the recent increase of damage caused by cyberattacks, we have established a Computer Security Incident Response Team (CSIRT). We are thus working to improve the level and sophistication of our information security with a focus on both preventive and follow-up measures.
The working group on confidentiality management annually inspects the company-wide status of confidentiality management based on the confidentiality management rules set by the company. The inspection includes self-inspection by each department and mutual inspection between departments. The inspection items are reviewed according to the broader progress of informatization in society for the enhancement of the checking function.
Furthermore, in addition to the rules on the in-house handling of confidential information, we have also established rules on the use of confidential information outside the company in order to prevent the leaking of such information, including rules on the use of portable computers and cloud services, and we monitor compliance with the rules.
As exemplified by the General Data Protection Regulation (GDPR) enforced in Europe, measures to protect personal information have been enhanced globally. In response, the NGK SPARK PLUG Group has set a range of internal rules to appropriately protect, manage and handle the personal information of its customers and employees.