Information Security
Management System
Policy and Basic Approach
With the advancement of digitalization and the increasing sophistication of cyberattacks, strengthening information security has become a critical challenge. The Mitsui Chemicals Group recognizes the importance of protecting customer and corporate information handled in its business activities. We ensure that all employees understand the significance and responsibility of information security, and we implement appropriate management practices to prevent incidents such as data leaks or tampering. These efforts are aimed at safeguarding our social credibility and ensuring business continuity. In particular, with regard to our information systems, we conduct continuous threats monitoring and ongoing improvements to our information security systems to ensure the confidentiality, integrity, and availability of data.
As concrete measures, we have established a Global Policy on information security, information system security, and personal information protection, and have extended this policy to our subsidiaries and affiliates. The Mitsui Chemicals Head Office and all subsidiaries and affiliates are obligated to ensure information security through establishing company rules, etc., and are making efforts to strengthen the Group's information security.
In particular, with respect to protecting personal information, we respect the privacy of individuals and recognize that it is an important social responsibility to handle and protect personal information appropriately. Accordingly, we have established the "Declaration on Personal Information and a Specific Personal Information Protection Policy (Privacy Policy)" to protect personal information and specific personal information.
| Global Policy | Main items |
|---|---|
| Global Policy on Information Security |
|
| Global Policy on Information System Security |
|
| Global Policy Protection of Personal Information Protection |
|
System and Responsible Officers
With regard to information security, we are comprehensively managing risks under our risk management system. The officer in charge of the Corporate Administration & Legal Division serves as the chief officer, while the officer in charge of the Information Systems Division serves as the deputy chief officer. Comprehensive management is ensured through collaboration between the Corporate Administration & Legal Division, which oversees all aspects of information management, and the Information Systems Division, which is responsible for system-level information security, with each division utilizing its respective areas of expertise.
Monitoring
The Corporate Administration & Legal Division and the Information System Division work in cooperation with relevant divisions to regularly monitor the status of information security protection. Furthermore, we analyze and investigate the causes of information security incidents occurring throughout the Group, and communicate appropriate response measures accordingly.
Internal Audit
As part of the business audit conducted by the Internal Control Division, we have introduced an internal audit process based on self-assessment of internal controls utilizing the compliance checklist. In addition, we conduct audits of our business systems, covering areas such as system development and maintenance, operation and management, access control, system security, and external outsourcing contracts.
| Business Audit | Audit Division | Internal Control Division |
|---|---|---|
| Target Audience | Mitsui Chemicals divisions and Mitsui Chemicals Group subsidiaries and affiliates | |
| Details | We ensure appropriate information security by assessing the proper handling of information and the management and operation of information system security, based on self-evaluation of internal controls. | |
| Frequency | Once every three to five years (depending on the size, business type, and management level of the audited organization). |