Sustainability
Information Security
Information Security Management System
Our Information Security Management System assigns the roles of each part of our organization during normal times. Concerning security incidents affecting critical systems, we will continue to align and strengthen our BCP and internal crisis management system.
Basic NGK Group Information Security Policy
Information Security Measures
Within the NGK Group, proper management and operation of information assets is a collaborative effort carried out by the General Affairs Department and ICT Department, in conjunction with other relevant administrative departments and in line with the Basic NGK Group Information Security Policy.
Every employee who uses a computer or other information-processing devices as part of their job is provided with our Electronic Information Security Handbook and is trained in the proper use of their devices, as well as made aware of the need to contact the General Affairs Department and ICT Department if the devices are lost, infected with a computer virus, or otherwise compromised. Also, under the rules of employment, employees are subject to disciplinary action if their improper use of information devices results in the leaking of confidential information or some other result that significantly impacts the company.
Meanwhile, personnel from NGK’s ICT Department visit several Group companies each year to conduct on-site checks into the status of IT security measures and to provide guidance on their implementation. In FY2023, we conducted visits to overseas Group companies in Europe, the USA, and Asia. We also held online IT Global Meetings several times for all overseas Group companies in the regions of North and Central America, Europe and Africa, China, and Asia Pacific. Group companies in each region discussed IT security operations and conducted training on how to handle security incidents.
Formulation of the Basic NGK Group IT Security Standards
The rapid advance in information communication technologies and devices has made the quest for consistent IT security on a Group-wide level an urgent concern. Therefore, in FY2010, we formulated the NGK Group IT Security Standards with the goal of developing an IT security structure based on commonly shared Group standards and raising the bar when it comes to IT security.
We update these standards every year in response to societal changes and trends, and work to standardize the level of IT security in our Group by sharing them with each group company. In FY2023 we reviewed the sections pertaining to the handling of data when using cloud services.
Every year, each Group company drafts action plans for the enactment of countermeasures in an attempt to systematically strengthen security. Via these action plans, NGK confirms initiatives at each Group company and provides guidance as necessary.
Information Security Training
We conduct training sessions throughout the year to ensure strict adherence to information security among all employees.
We offer training for newly hired employees and newly promoted supervisors and managers to NGK employees while e-learning is offered to NGK employees and employees of some Group companies in Japan.
Training Summary
Item | Participants | Participation rate |
---|---|---|
Training for newly hired employees | 168 | 100% |
Training for newly promoted supervisors | 130 | 100% |
Training for newly promoted managers | 94 | 100% |
E-learning | 7,006 | 85.8% |
Note: Excluding employees who were away on maternity leave, childcare leave, long-term business trips, etc.
Ensure IT Security Against Cyberattacks
As a countermeasure against cyberattacks, NGK is strengthening each category of protection, detection, response, and recovery from cyberattacks following the cybersecurity framework announced by the National Institute of Standards and Technology (NIST) of the U.S.
In FY2023, we introduced an SOC (Security Operation Center) at all Group companies which primarily enhances detection and response. Meanwhile, we carried out training for all members of our headquarters and domestic Group companies concerning email spoofing.
By getting them to recognize the threats close at hand, we hope to improve their awareness of security.
Personal Information Management
The NGK Group has established Personal Information Management Regulations in addition to maintaining privacy policies and regulations in accordance with the laws and regulations of each country regarding personal information. We take painstaking care in our protection, management, and handling of customer information.