Digital innovation which seeks to improve productivity, business competitiveness, and create new business models is accelerating through the use of IT. On the other hand, risks related to information systems such as the sophistication of cyber-attacks, are also increasing. The purpose of Cybersecurity is to properly manage information, information systems and information communication networks, prevent leaks and losses, and minimize impact of security incidents. As a member of a critical infrastructure provider, we regard cyber security as an important management issue, and we will take measures from multiple angles (organizational, institutional, human, technical, and physical) and respond appropriately.
Sumitomo Chemical has constructed the following framework for information system security and industrial control system security, and is implementing the PDCA cycles.
Security Framework for Information System and Industrial Control System
Goals and Results
We have established a security policy in accordance with the concept of ISMS (Information Security Management System), an international standard for the organization’s information security framework.
Our basic policy comprises multifaceted security measures (multilayered incident prevention and disaster mitigation), such as those outlined below.
|Type of measure||Content of measure|
Implement a range of measures, including access restriction, malware measures, and vulnerability measures, for individual servers and computers as well as networks
Use cloud servers complete with entry/exit controls and other security features
Examples of Initiatives
We have established a CSIRT (Computer Security Incident Response Team) in the information system security head department (IT Innovation Department). The team analyzes security information from external organizations, provides warnings to the Group, gathers information on security incidents that occur within the Group, and comprehensively manages the Group’s response.
Security Incident Response Framework
- IPA: Information-Technology Promotion Agency, Japan
- JPCERT/CC: Japan Computer Emergency Response Team Coordination Center
As a critical infrastructure operator, Sumitomo Chemical considers cyber security to be an important management issue and will continue responding to growing threats. By taking appropriate system security measures, we will continue to create more value with the aim of supporting the global expansion of business, solving issues in the international community, and enhancing quality of life.