Information Security Policy

In order to ensure the confidentiality, integrity and availability of its information systems, the Sumitomo Forestry Group has raised the security level of its systems while maintaining the “regulation” aspects and “technology” aspects of information security in a mutually complementary manner.

Based on the recognition that the protection of customer information in particular is of utmost importance, the Group continues to conduct employee training to ensure dissemination of the rules, and verifies their level of awareness.

In terms of the regulation aspects, we have formulated the Sumitomo Forestry Group Information Asset Protection Guidelines for all Group companies in Japan and, at the same time, created a checklist based on these guidelines.

The person responsible for the department in charge of information systems at each Group company conducts checks of the information security level every year. In fiscal 2012, the Group also formulated guidelines for Group companies outside of Japan.

As for education on information security, Sumitomo Forestry has made it compulsory for all Group employees with access to its intranet (including temporary and part-time employees) to take an e-learning course on an annual basis.

On the other hand, with respect to the technology aspects of information security, the Group has introduced encrypted start-ups and restrictions on data export for computers that are taken outside the Company.

Systems for Protecting the Privacy of Customers
(Protection of Personal Information)

Sumitomo Forestry has formulated internal rules to safeguard the personal information of customers, such as the Personal Information Protection Policy and the Personal Information Protection Regulations. In addition, the executive officer responsible for general administration is designated as chief executive in charge of protection of personal information and the head of each department as a supervisor, and an information security officer is placed in each department. In these ways, the Company has established a protection system covering Head Office through to each office.

The Company has also established a help desk for inquiries regarding the handling of personal information within the Customer Service Department. In addition, collective training is provided for the head and general administration representative for each organization. E-learning is provided for all other employees and efforts are made to increase awareness at subcontractors, in order to prevent the leaking of personal information. It is also mandatory for employees at Group companies to undertake the e-learning training.

Systems for Managing Information Security

Under the supervision of the executive officer in charge of IT solutions, the general manager of the IT Solutions Department promotes information security measures for the Sumitomo Forestry Group, such as the formulation and management of rules and regulations, the proposal and implementation of technical measures, the education and training of employees, and the investigation of accidents and implementation of countermeasures.

Furthermore, the person responsible for each department provides guidance and management for the execution of that department's operations as the information security supervisor, and assigns an information security officer who is the working-level manager for the department's information security.

The Group also holds regular meetings of the Affiliated Companies IT Managers Council, which is attended by the persons responsible for departments in charge of information systems at Group companies in Japan. The council checks the content of the guidelines and promotes the introduction of security systems.

Initiatives to Strengthen Information Security

Investments in information security continued to be made in fiscal 2018 to strengthen security by building a defense-in-depth system, in light of the growing threats to information security such as the multiple leaks of personal information and the advanced email attacks occurring in recent times. In addition to these investments, the Sumitomo Forestry Group has conducted advanced email attack training for all of its employees.

Since May 2016, we have also been enhancing our response to consultations from employees on issues related to cyberattacks and strengthening information security education for employees, centered on the Information Security Office established at Sumitomo Forestry Information Systems Co., Ltd.

Sustainability Report