The impact of advances in the business applications of digitization, including AI and IoT, on information systems has included a rise in such negative factors as increasingly sophisticated cyberattacks. The purpose of information security is to properly manage information, prevent leaks and loss, and minimize the effectiveness of threats to data integrity. We have therefore taken an approach that is multifaceted from the organizational, systems, personnel, technological, and physical points of view.
Sumitomo Chemical has built the following framework for information system and industrial control system security and implements PDCA cycles.
Security Framework for Information System and Industrial Control System
Goals and Results
Based on the concept of an information security management system (ISMS), we established a security policy and took necessary measures.
Our basic policy comprises multifaceted security measures (multilayered incident prevention and disaster mitigation), such as those outlined below.
|Type of measure|Content of measure|
|---|---|
| |Periodically conduct security self inspections and conduct IT security internal audits that encompass Group companies|
|Personnel measures|Carry out various security education programs using e-learning systems (education for new hires, periodic education)|
| |Implement a range of measures, including access restriction, malware measures, and vulnerability measures, for individual servers and computers as well as networks|
| |Use cloud servers complete with entry/exit controls and other security features|
Examples of Initiatives
We have established a Computer Security Incident Response Team (CSIRT) in the lead department for information system security (the IT Innovation Department). The team analyzes security information from external organizations, provides warnings to the Group, gathers information on security incidents that occur within the Group, and comprehensively manages the Group’s response.
Security Incident Response Framework
- IPA: Information-Technology Promotion Agency, Japan
- JPCERT/CC: Japan Computer Emergency Response Team Coordination Center
- RHQ: Regional headquarters
As a critical infrastructure operator, Sumitomo Chemical considers cyber security to be an essential management issue and will continue responding to growing threats. By taking appropriate system security measures, we will continue to create more value with the aim of supporting the global expansion of business, solving issues in the international community, and enhancing quality of life.