CSR Information

Information Security

Information Security Policy

In order to ensure the confidentiality, integrity and availability of its information systems, the Sumitomo Forestry Group has raised the security level of its systems while maintaining the “regulation” aspects and “technology” aspects of information security in a mutually complementary manner. Based on the recognition that the protection of customer information in particular is of utmost importance, the Group continues to conduct employee training to ensure dissemination of the rules, and verifies their level of awareness.

In terms of the regulation aspects, we have formulated Sumitomo Forestry Group Information Asset Protection Guidelines for all Group companies in Japan and created a check list based on these guidelines at the same time. The person responsible for the department in charge of information systems at each Group company conducts checks of the information security level every year. In fiscal 2012, the Group also formulated guidelines for Group companies outside of Japan.

As for education on information security, Sumitomo Forestry has made it compulsory for all Group employees with access to its intranet (including temporary and part-time employees) to take an e-learning course on an annual basis.

On the other hand, with respect to the technology aspects of information security, the Group has introduced encrypted start-ups and restrictions on the data export from computers that are taken outside the Company.

Page Top

Systems for Managing Information Security

Under the supervision of the executive officer in charge of information systems, the general manager of the Information Systems Department promotes information security measures for the Sumitomo Forestry Group, such as the formulation and management of rules and regulations, the proposal and implementation of technical measures, the education and training of employees, and the investigation of accidents and implementation of countermeasures.

Furthermore, the person responsible for each department provides guidance and management for the execution of that department's operations as the information security supervisor, and assigns an information security officer who is the working-level manager for the department's information security.

The Group also holds regular meetings of the Affiliated Companies IT Managers Council, which is attended by the persons responsible for departments in charge of information systems at Group companies in Japan. The council checks the content of the guidelines and promotes the introduction of security systems.

Page Top

Initiatives to Strengthen Information Security

Investments in information security substantially increased in fiscal 2016 to strengthen security by building a defense in depth system based on the growing threats to information security such as the multiple leaks of personal information and the advanced email attacks occurring in recent times. In addition to these investments, the Sumitomo Forestry Group has conducted advanced email attack training for all of its employees.

We are also enhancing the response for consultations from employees founded in issues related to cyberattacks and strengthened information security education for employees centered upon the Information Security Office established at Sumitomo Forestry Information Systems Co., Ltd. in May 2016.

Page Top

Toward the Future

As threats to information security grow in recent years, the Sumitomo Forestry Group will continually raise awareness internally as well as conduct and strengthen ongoing information security education with the newly established Information Security Office at the core.

Page Top

CSR Report2017