Sustainability
Information Security
Information Security Measures
Within the NGK Group, proper management and operation of information assets is a collaborative effort carried out by the General Affairs Department and ICT Department, in conjunction with other relevant administrative departments and in line with the Basic NGK Group Information Security Policy.
Every employee who uses a computer or other information-processing devices as part of their job is provided with our Electronic Information Security Handbook and is trained in the proper use of their devices, as well as made aware of the need to contact the General Affairs Department and ICT Department if the devices are lost, infected with a computer virus, or otherwise compromised. Also, under the rules of employment, employees are subject to disciplinary action if their improper use of information devices results in the leaking of confidential information or some other result that significantly impacts the company.
Meanwhile, personnel from NGK’s ICT Department visit several Group companies each year to conduct on-site checks into the status of IT security measures and to provide guidance on their implementation. In FY2022, due to the impact of the global COVID-19 pandemic, these visits to overseas Group companies were not carried out except in a few cases. However, we held online IT Global Meetings several times for all overseas Group companies in the regions of North and Central America, Europe and Africa, China, and Asia Pacific. Group companies in each region discussed IT security operations and conducted training on how to handle security incidents.
Basic NGK Group Information Security Policy
Formulation of the Basic NGK Group IT Security Standards
The rapid advance in information communication technologies and devices has made the quest for consistent IT security on a Group-wide level an urgent concern. Therefore, in FY2010, we formulated the NGK Group IT Security Standards with the goal of developing an IT security structure based on commonly shared Group standards and raising the bar when it comes to IT security.
We update these standards every year in response to societal changes and trends, and work to standardize the level of IT security in our Group by sharing them with each group company. In FY2022 we reviewed the sections pertaining to backup methods and vulnerability management.
Every year, each Group company drafts action plans for the enactment of countermeasures in an attempt to systematically strengthen security. Via these action plans, NGK confirms initiatives at each Group company and provides guidance as necessary.
Information security training
We conduct training sessions throughout the year to ensure strict adherence to information security among all employees.
We offer training for newly hired employees and newly promoted supervisors and managers to NGK employees while e-learning is offered to NGK employees and employees of some Group companies in Japan.
| Item | Participants | Participation rate |
|---|---|---|
| Training for newly hired employees | 139 | 100% |
| Training for newly promoted supervisors | 139 | 100% |
| Training for newly promoted managers | 80 | 100% |
| E-learning | 6,369 | 100% |
Note:Excluding employees who were away on maternity leave, childcare leave, long-term business trips, etc.
Ensure IT security against cyberattacks
As a countermeasure against cyberattacks, NGK is strengthening each category of protection, detection, response, and recovery from cyberattacks following the cybersecurity framework announced by the National Institute of Standards and Technology (NIST) of the U.S.
In FY2022 we conducted practical training exercises for officers on cybersecurity incidents. We asked an external consulting firm to review our security measures and conduct study sessions. This served not only to reaffirm with management the importance of security to our business continuity, but to strengthen response and recovery from incidents. Meanwhile, we carried out training for all members of our headquarters and domestic Group companies concerning email spoofing.
By getting them to recognize the threats close at hand, we hope to improve their awareness of security.
Personal Information Management
We have established Personal Information Management Regulations as the NGK Group, in addition to maintaining privacy policies and regulations in accordance with the laws and regulations of each country regarding personal information. We take painstaking care in our protection, management, and handling of customer information.