Governance

Information Security


Basic Philosophy

As the importance of information security grows, it is necessary for all Group members, from management to the front line, to work together to improve the effectiveness of information security management and reduce security risks regarding the Group’s information assets. To this end, we will work to properly protect various types of confidential and personal information, including information entrusted to us by external parties, as well as to strengthen IT security to respond to increasing cyberattacks.

Promotion System

We have established a promotion system for each area of IT security and confidential information/personal information management, and are working together to strengthen information security.
Regarding IT security, we have established an IT Security Committee (held at least twice a year) to check the status of company-wide IT security activities and promote appropriate measures. The committee is chaired by the Chief Information Security Officer (the corporate officer in charge of the Digital Transformation Dept.), with the Head of the Information Systems Division, Head of the Integrated Management Division, Head of Headquarters, planning divisions of each company, and other major divisions as members.
Regarding the management of confidential information and personal information, the Confidentiality Management Subcommittee (held at least once a year) was established under the Risk Management Committee to promote the reduction of risks related to the management of confidential information and personal information. This committee consists of the executive officer in charge of the Business Management Dept. as sub-chairman and the heads of each department as members. In addition, information security activities are led by department managers and department chiefs assigned to each department in the areas of IT security and confidential information/personal information management.

Information Security Promotion System

For confidentiality management, we have a working group on confidentiality management that reports to the Risk Management Committee. The working group is tasked with identifying and reducing the risks related to the management of confidential information and protection of personal information.

Information Security Management System

In order to continuously respond to information security risks that threaten companies and organizations, we have set information security as a priority issue (materiality) and are building an information security management system.
As part of this, we are in the process of establishing an information security management system. In 2020, we obtained TISAX (Trusted Information Security Assessment Exchange) certification, an information security assessment standard for the German automotive industry supply chain.
In FY2021, group companies in the United States and China also completed the acquisition of TISAX certification.

Responding to Information Security Incidents

We have established a Computer Security Incident Response Team (CSIRT).
When an incident occurs, the CSIRT promptly organizes and confirms the facts, determines the level of the incident, and then responds. We also accumulate and share knowledge as a measure to prevent recurrence.

In addition to responding after an incident occurs, we also strive to defend in advance and to improve our level and maturity.
In fiscal 2021, in response to the increase in damage caused by cyberattacks around the world, we conducted a comprehensive inspection of the servers used by our company and group companies. Servers with security concerns were identified and countermeasures were taken.
In addition, the CSIRT publishes "CSIRT communication" every month to inform employees of the latest information on information security and to alert them.
When it becomes necessary to call attention with a high degree of urgency, we work to prevent incidents by issuing a bulletin version that describes specific precautions.

Confidentiality Management

The working group on confidentiality management annually inspects the company-wide status of confidentiality management based on the confidentiality management rules set by the company.
To enhance the checking function, the secretariat of the confidentiality management subcommittee confirms the validity of the self-inspection results submitted by each department.
The inspection includes self-inspection by each department and mutual inspection between departments. To enhance the checking function, the inspection items are reviewed in line with the broader progress of informatization in society.
Furthermore, in addition to the rules on the in-house handling of confidential information, we have also established rules on the use of confidential information outside the company in order to prevent the leaking of such information, including rules on the use of portable computers and cloud services, and we monitor compliance with the rules.

Protection of Personal Information

As exemplified by the General Data Protection Regulation (GDPR) enforced in Europe, measures to protect personal information have been enhanced globally. In response, the Niterra Group has set a range of internal rules to appropriately protect, manage and handle the personal information of its customers and employees.
In addition, in response to the revised Personal Information Protection Law that came into effect in April 2022, we pre-assess risks based on the type and amount of personal information and take measures to reduce the risks.

See the policy regarding the handling of personal information (Privacy Policy) below.

NGK SPARK PLUG CO., LTD.