日本語 English

Information Security

Management System

Policy and Basic Approach

With the advancement of digitalization and the increasing sophistication of cyberattacks, strengthening information security has become a critical challenge. The Mitsui Chemicals Group recognizes the importance of protecting customer and corporate information handled in its business activities. We ensure that all employees understand the significance and responsibility of information security, and we implement appropriate management practices to prevent incidents such as data leaks or tampering. These efforts are aimed at safeguarding our social credibility and ensuring business continuity. In particular, with regard to our information systems, we conduct  continuous threats monitoring and ongoing improvements to our information security systems to ensure the confidentiality, integrity, and availability of data.

 

As concrete measures, we have established a Global Policy on information security, information system security, and personal information protection, and have extended this policy to our subsidiaries and affiliates. The Mitsui Chemicals Head Office and all subsidiaries and affiliates are obligated to ensure information security through establishing company rules, etc., and are making efforts to strengthen the Group's information security.

 

In particular, with respect to protecting personal information, we respect the privacy of individuals and recognize that it is an important social responsibility to handle and protect personal information appropriately. Accordingly, we have established the "Declaration on Personal Information and a Specific Personal Information Protection Policy (Privacy Policy)" to protect personal information and specific personal information.

Global PolicyMain items
Global Policy on Information Security
  • Procedures for creating, obtaining, using, disclosing, sending, storing, and discarding information assets
  • Strict handling of confidential information
  • Confidentiality after resignation
  • Provision of education on information security
  • Disciplinary actions based on the work regulations at the time of the violation of the aforementioned procedures/rules
Global Policy on Information System Security
  • Strict management of information system usage authorities
  • Prohibition of access to systems and information that is unnecessary for business operations
  • Acquiring and storing access log of information
  • Obligation to report security incidents when they occur
  • Provision of education on personal information protection
  • Disciplinary actions based on the work regulations at the time of the violation of the aforementioned procedures/rules
Global Policy Protection of Personal Information Protection
  • Compliance with personal information regulations
  • Acquisition and procession of personal information within the scope necessary to carry out operations
  • Restrictions on provision of personal information to third parties
  • Implementation of security control measures for personal information
  • Retention of records regarding the processing of personal information
  • Response to infringement of personal information
  • Provision of education on personal information protection
  • Disciplinary actions based on the work regulations at the time of the violation of the aforementioned procedures/rules

System and Responsible Officers

With regard to information security, we are comprehensively managing risks under our risk management system. The officer in charge of the Corporate Administration & Legal Division serves as the chief officer, while the officer in charge of the Information Systems Division serves as the deputy chief officer. Comprehensive management is ensured through collaboration between the Corporate Administration & Legal Division, which oversees all aspects of information management, and the Information Systems Division, which is responsible for system-level information security, with each division utilizing its respective areas of expertise.

Monitoring

The Corporate Administration & Legal Division and the Information System Division work in cooperation with relevant divisions to regularly monitor the status of information security protection. Furthermore, we analyze and investigate the causes of information security incidents occurring throughout the Group, and communicate appropriate response measures accordingly.

Internal Audit

As part of the business audit conducted by the Internal Control Division, we have introduced an internal audit process based on self-assessment of internal controls utilizing the compliance checklist. In addition, we conduct audits of our business systems, covering areas such as system development and maintenance, operation and management, access control, system security, and external outsourcing contracts.

Business AuditAudit DivisionInternal Control Division
Target Audience

Mitsui Chemicals divisions and Mitsui Chemicals Group subsidiaries and affiliates

Details

We ensure appropriate information security by assessing the proper handling of information and the management and operation of information system security, based on self-evaluation of internal controls.

Frequency

Once every three to five years (depending on the size, business type, and management level of the audited organization).