The Nissui Group retains the personal information of customers in its mail-order/e-commerce business, etc. It is not only our corporate responsibility but also indispensable for the sustained growth of the Nissui Group to prevent the leakage/loss of such personal information and important information on management, business, research, etc. Having established the "Information Security Subcommittee" under the Risk Management Committee, we are executing information security management in a thoroughgoing manner by putting regulations and rules in place, including the "Basic Policy on Information Security," enhancing the system administration framework and periodically conducting education and training for employees.
The Information Security Subcommittee is set up under the umbrella of the Business Foundation Risks Committee with the aim of enhancing the information security level of Nissui and its Group companies in Japan. The Information Security Subcommittee is convened four times a year and is chaired by an Executive Officer designated by the Business Foundation Risks Committee. Its main activities involve the formulation and progress management of various measures to make the Basic Policy on Information Security function effectively, as well as the execution of procedures to deal with information security risks that have newly arisen.
With respect to all employees, we make the information security rules widely known and conduct information security education and training at least once a year. Also, a security audit is conducted periodically—i.e., once a year—at business locations where important information is retained.
Category of Initiatives | Description of Initiatives | Coverage | Results |
---|---|---|---|
Education | Training aimed at newly-assigned employees to help them understand basic security principles | New graduates/experienced hires | Face-to-face/online training: Twice |
Education | Training to raise information security awareness and promote internal rules | Executives/employees | E-learning: Once (participation rate: 96.0%) |
Education | Security awareness training for employees who handle personal customer information | Departments handling customer personal information | E-learning: Once (participation rate: 100.0%) |
Education | Test aimed at determining understanding of internal rules that leads to more efficient training | Executives/employees | E-learning: Once (participation rate: 91.7%) |
Training | Training aimed at building resilience to targeted attacks by email | Executives/employees | Twice |
Training | Training to develop information security incident response capabilities | Members of the Information Security Subcommittee and related parties | Once |
To improve information security, we are implementing initiatives across various areas, including strengthening authentication functions and network security to prevent unauthorized use by third parties, reinforcing the incident response system, and providing education and training for executives and employees. We are continuously working to improve security levels through the PDCA cycle to address security risks that grow more serious each year.
A conference for the persons in charge of the IT divisions in the Group is held each year to deliberate the medium- to long-term direction of information technology (IT) adoption in the Group. At the conference, participants exchange opinions on IT in general, including such topics as information security measures, utilization of cutting-edge technologies, and consideration of system adoption. In terms of information security, participants share the latest trends in threats and the status of information security measures taken at each Group company, identify information security issues that the Group should tackle in the medium to long term, and bring their views together with respect to the countermeasures.