Information Security Measures
Within the NGK Group, proper management and operation of information assets is a collaborative effort carried out by the General Affairs Department and ICT Department, in conjunction with other relevant administrative divisions and in line with the Basic NGK Group Information Security Policy.
Every employee who uses a computer or other information-processing devices as part of their job is provided with our Electronic Information Security Handbook and is trained in the proper use of their devices, as well as made aware of the need to contact the General Affairs Department and ICT Department if the devices are lost, infected with a computer virus, or otherwise compromised. Also, under the rules of employment, employees are subject to disciplinary action if their improper use of information devices results in the leaking of confidential information or some other result that significantly impacts the company.
Meanwhile, personnel from NGK’s ICT Department visit several Group companies each year to conduct on-site checks and provide guidance on their implementation of IT security measures. In FY2021, due to the impact of the global COVID-19 pandemic, these visits to overseas Group companies were not carried out; however, online sessions were held in order to share with them the IT security enhancement policies and measures implemented over the medium term. Additionally, we established a meeting body called the IT Global Meeting. This meeting body is split into the four regions of North and Central America, Europe and Africa, China, and Asia Pacific. Group companies located within each region participate in regional meetings where they discuss NGK’s IT and DX strategies, including IT security.
Formulation of the Basic NGK Group IT Security Standards
The rapid advance in information communication technologies and devices has made the quest for consistent IT security on a Group-wide level an urgent concern. Therefore, in FY2010, we formulated the NGK Group IT Security Standards with the goal of developing an IT security structure based on commonly shared Group standards and raising the bar when it comes to IT security.
Every year, each Group company drafts action plans for the enactment of countermeasures in an attempt to systematically strengthen security. Via these action plans, NGK confirms initiatives at each Group company and provides guidance as necessary.
Information security training
We conduct training sessions throughout the year to ensure strict adherence to information security among all employees.
We offer training for newly hired employees and newly promoted supervisors and managers to NGK employees while e-learning is offered to NGK employees and employees of some Group companies in Japan.
|Training for newly hired employees||105||100%|
|Training for newly promoted supervisors||116||100%|
|Training for newly promoted managers||68||100%|
Note:Excluding employees who were away on maternity leave, childcare leave, long-term business trips, etc.
Ensure IT security against cyberattacks
As a countermeasure against cyberattacks, NGK is strengthening each category of protection, detection, response, and recovery from cyberattacks following the cybersecurity framework announced by the National Institute of Standards and Technology (NIST) of the U.S.
In FY2021, we worked in particular to improve and strengthen our detection capabilities. This included upgrading our anti-virus software on all company devices and linking this with log monitoring functions provided by an outside specialist. We prepared a SOP for response to and recovery from cyberattacks based on the latest trends ensuring we are prepared for any cyber contingency.
In FY2022 and beyond, we plan to conduct annual training exercises on IT security incidents as well as verify and upgrade the effectiveness of relevant documents.
The NGK Group has established internal rules on privacy protection compliant with the Amended Act on the Protection of Personal Information of Japan which took effect from April 1, 2022 in an effort to ensure strict handling, management and protection of personal information obtained from customers. In FY2015, NGK formulated and published our Basic Policy on the Proper Handling of Specific Personal Information in response to the enforcement of the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures.