Information Security

Basic Policy

The impact of advances in the business applications of digitization, including AI and IoT, on information systems has included a rise in such negative factors as increasingly sophisticated cyberattacks. The purpose of information security is to properly manage information, prevent leaks and loss, and minimize the effectiveness of threats to data integrity. We have therefore taken an approach that is multifaceted from the organizational, systems, personnel, technological, and physical points of view.

Management System

Sumitomo Chemical has built the following framework for information system and industrial control system security and implements PDCA cycles.

Security Framework for Information System and Industrial Control System

Goals and Results

Based on the concept of an information security management system (ISMS), we established a security policy and took necessary measures.

Our basic policy comprises multifaceted security measures (multilayered incident prevention and disaster mitigation), such as those outlined below.

Type of measure: Content of measure

Organizational measures

  • Constructed an information system and industrial control system security framework
  • Constructed an information-sharing framework with inside and outside organizations to ensure preparedness against security incidents

Systematic measures

  • Establish general standards and standards related to security, including for Group companies
  • Periodically conduct security self inspections and conduct IT security internal audits that encompass Group companies

Personnel measures

  • Carry out various security education programs using e-learning systems and conduct drills for security incidents

Technological measures

  • Implement a range of measures, including access restriction, malware measures, and vulnerability measures, for individual servers and computers as well as networks

Physical measures

  • Use cloud servers complete with entry/exit controls and other security features

Examples of Initiatives

We have established a Computer Security Incident Response Team (CSIRT) in the department that heads information system security (the IT Innovation Department). The team analyzes security information from external organizations, provides warnings to the Group, gathers information on security incidents that occur within the Group, and comprehensively manages the Group’s response.

Security Incident Response Framework

  1. IPA: Information-Technology Promotion Agency, Japan
  2. JPCERT/CC: Japan Computer Emergency Response Team Coordination Center
  3. RHQ: Regional headquarters

Looking Ahead

As a critical infrastructure operator, Sumitomo Chemical considers cyber security to be an essential management issue and will continue responding to growing threats. By taking appropriate system security measures, we will continue to create more value with the aim of supporting the global expansion of business, solving issues in the international community, and enhancing quality of life.