Sustainability
Information Security
Basic Approach
As our information-communication society grows ever more sophisticated, it has become necessary to safeguard the various information assets we possess. In response to growing global information security risks, the NGK Group will fulfill our responsibility as a member of a cultured and safe digital society by establishing robust information security. At the same time, we aim to continue contributing to the global development of digital technologies by supplying products based on our original ceramic technologies.
In addition, the NGK Group is working to safeguard the information assets we possess as stipulated in the Basic NGK Group Information Security Policy.
Basic NGK Group Information Security Policy
Information Security Measures
Within the NGK Group, proper management and operation of information assets is a collaborative effort carried out by the General Affairs Department and ICT Department, in conjunction with other relevant administrative departments and in line with the Basic NGK Group Information Security Policy.
Every employee who handles electronic data is provided with our Electronic Information Security Handbook and is trained in the proper use of data, as well as made aware of the need to contact the General Affairs Department and ICT Department if their devices are lost, infected with a computer virus, or otherwise compromised. Also, under the rules of employment, employees are subject to disciplinary action if their improper use of information devices results in the leaking of confidential information or some other result that significantly impacts the company.
Meanwhile, personnel from NGK’s ICT Department visit several Group companies each year to conduct on-site checks into the status of IT security measures and to provide guidance on their implementation.
In FY2024, we conducted visits to our Group companies outside Japan in the USA and China. We also held IT Global Meetings two times for all overseas Group companies in the regions of North and Central America, Europe and Africa, China, and Asia Pacific both in-person and online. Group companies in each region discussed IT security operations and conducted training on how to handle security incidents.
IT Security Management Framework
The rapid advance in information communication technologies and devices has made the quest for consistent IT security on a Group-wide level an urgent concern. Therefore, in FY2010, we formulated the NGK Group IT Security Standards with the goal of developing an IT security structure based on commonly shared Group standards and raising the bar when it comes to IT security.
We update these standards every year in response to societal changes and trends, and work to standardize the level of IT security in our Group by sharing them with each group company. In FY2024 we put procedures in place for managing the use of cloud services.
Every year, each Group company drafts action plans for the enactment of countermeasures in an attempt to systematically strengthen security. Via these action plans, NGK confirms initiatives at each Group company and provides guidance as necessary.
During normal times we define the role of our IT security management framework as that of a subdivision. Risks related to IT security are handled by the Risk Management Committee and reported to the Board of Directors at least once per year. Concerning our emergency response framework for things such as the occurrence of security incidents for critical systems, we will strengthen and work to integrate our internal systems for managing risk.
IT Security Management Framework Chart
When security incidents impacting critical systems occur, our response is based on the Basic Rules of Crisis Management
Information Security Training
We conduct training sessions throughout the year to ensure strict adherence to information security among all employees.
We offer training for newly hired employees and newly promoted supervisors and managers to NGK employees while e-learning is offered to NGK employees and employees of some Group companies in Japan.
Training Summary
| Item | Participants | Participation rate |
|---|---|---|
| Training for newly hired employees | 176 | 100% |
| Training for newly promoted supervisors | 178 | 100% |
| Training for newly promoted managers | 99 | 100% |
| E-learning | 7,146 | 98.8% |
Note: Excluding employees who were away on maternity leave, childcare leave, long-term business trips, etc.
Ensure IT Security Against Cyberattacks
As a countermeasure against cyberattacks, NGK is strengthening each category of protection, detection, response, and recovery from cyberattacks following the cybersecurity framework announced by the National Institute of Standards and Technology (NIST) of the USA.
In FY2024, we also carried out incident response training for officers, and training for all members of our headquarters and Group companies in Japan concerning email spoofing.
By getting them to recognize the threats close at hand, we hope to improve their awareness of security. No security incidents occurred in the NGK Group in FY2024 that would affect our business activities.
Personal Information Management
The NGK Group has established Personal Information Management Regulations in addition to maintaining privacy policies and regulations in accordance with the laws and regulations of each country regarding personal information. We take painstaking care in our protection, management, and handling of customer information.