Information security
Basic approach
The importance of information security measures is increasing year by year. It is important to establish measures and policies that guard against diversifying risks such as virus infections, unauthorized access to systems, leaks of personal information, and cyber attacks, that prevent incidents from occurring, and that minimize the impact when they do occur. Our group establishes rules and response procedures such as the "Information Protection Management Regulations" and the "Information System Management Regulations," and is working to maintain and improve appropriate information management and information security by implementing technical and physical defense measures using IT.
The artience Group (hereinafter referred to as the “Group”) recognizes that it is an important management responsibility to appropriately protect and manage all information held and handled by the Group as important information assets, to maintain them in a complete state, and to ensure that they can be utilized for business activities at any time. In particular, in today’s society, where the handling of such information is strongly dependent on ICT systems, we believe that it is essential in information security to ensure cybersecurity for digitalized information.
Based on this basic approach, we have established this Basic Policy on Information Security (hereinafter referred to as this “Basic Policy”), and will endeavor to appropriately manage and operate information assets and ICT systems to ensure information security and cybersecurity.
- Scope of application
This Basic Policy applies to all companies and organizations that make up the Group. This Basic Policy also applies to all officers, corporate advisors, employees, contract employees, and part-time employees of the Group, as well as temporary dispatch workers and all other persons engaged in the Group’s business operations (hereinafter referred to collectively as “officers and employees”). We also ask all suppliers, distributors, and other business partners who form the Group’s supply chain to understand and support this Basic Policy.
The scope of information covered by this Basic Policy is all information handled by the Group, including the information of external third parties.
- Compliance with laws and regulations
The Group will comply with laws and regulations relating to information security applicable in the countries and regions in which it conducts its business activities, and policies, internal regulations, and rules relating to information security and cybersecurity, including this Basic Policy. We will also comply with social codes of conduct relating to information security, various contracts associated with our business activities, and agreements with external third parties to whom information belongs.
- Information security system
The Group will establish an Information Security Office supervised by the department that oversees information security activities. The Information Security Office will plan, promote, and support the development of policies, internal regulations and rules, etc., as well as risk management, incident response, education and training, and other related group-wide information security activities relating to information security and cybersecurity.
Each division of each Group company will appoint an Information Security Manager who will promote and implement on-site information security activities in cooperation with the Information Security Office, forming a group-wide information security system.
- Risk management
The Group is deeply aware that the information assets it handles are constantly exposed to risks such as loss, damage, falsification, leakage, unauthorized access, and cyber attacks, etc., and implements necessary and reasonable risk management. In view of this, we will establish an information security risk management system through collaboration between the Risk Management Subcommittee, a subordinate organization of the Sustainability Committee, supervised by the Board of Directors and Representative Director and President, and the Information Security Office.
The Group will identify and evaluate risks relating to information security and cybersecurity, manage them through mitigation and countermeasures, etc., and report to the Board of Directors and the Group Management Committee on a regular basis, and on an extraordinary basis as needed.
- Response to cyber incidents
The Group will establish the artience-CSIRT (artience-Cyber Security Incident Response Team) under the direct control of the Risk Management Subcommittee, as an emergency response system for the purpose of minimizing damage from cyber incidents and ensuring business continuity. artience-CSIRT will:
(1) Take consistent actions to reduce and eliminate damage to information as important assets.
(2) Always put customers first and serve them swiftly and sincerely.
(3) Pay attention to maintaining and improving the brand image without yielding to cyberattacks.
Based on these action principles, in the event of a cyber incident, artience-CSIRT will be responsible for initial response, determination of response policy, making external announcements, coordination and information gathering in cooperation with organizations both inside and outside the Group, elimination of causes, recovery response, and consideration of measures for preventing recurrences.
- Ensuring cybersecurity in the supply chain
In view of the fact that an external network through ICT systems is essential for all business activities, the Group will endeavor to ensure cybersecurity through information sharing and coordination with suppliers, business partners, outsourcing partners / subcontractors, customers, and other stakeholders that make up the Group’s supply chain.
- Education and training
The Group will design and create appropriate education programs based on this Basic Policy and related policies, internal regulations and rules, etc., and will regularly and repeatedly provide education and training on information security and cybersecurity to all officers and employees, etc. By doing so, we aim to improve the information security literacy and skills of officers and employees, etc., and ensure the level of the Group’s information security.
- Continuous inspections and improvements
The Group will conduct regular and irregular internal audits and investigations to confirm that the management and operation of information assets and ICT systems are being implemented appropriately. To adapt to the speed of changes in the environment surrounding information security and cybersecurity, we will continuously improve our information security and cybersecurity activities by constantly collecting and analyzing information on information security and cybersecurity, endeavoring to recognize and understand the latest environment, regularly inspecting related systems and initiatives, and revising policies, regulations, and rules, etc., including this basic policy, in accordance with current conditions.
- Revision, abolition and management
Decisions regarding the revision or abolition of this Basic Policy shall be made by the Board of Directors of artience Co., Ltd.
The department in charge of the revision and abolition of this Basic Policy shall be the department that oversees the information security activities of artience Co., Ltd.
Established on May 10, 2024 (resolved at the Board of Directors on May 10, 2024)
Promotion system
Information security initiatives and risk responses are promoted mainly by the Information Systems Department of artience Co., Ltd., in cooperation with the General Affairs Department (General Affairs Group, Legal Group) and the Corporate Communication Department. In addition, we have established the Information Security Office as a contact point for consultation and reporting from employees. In the event of an incident, in order to minimize the impact, we will establish an organization, "artience-CSIRT," with the Group Information Systems Department as the secretariat, in accordance with the "Information System Disaster Response Guidelines" and the "artience-CSIRT* Establishment Guidelines," to report and respond to the Risk Management Committee, the Sustainability Committee, and management.
* artience-CSIRT: Abbreviation for artience-Cyber Security Incident Response Team
Information Security Activity Policy for FY2023
Further raise the level of cyber incident response and information security measures by promoting the feasibility of the "artience-CSIRT"/information security office system on the premise of diverse work styles such as remote work and the use of data.
- Strengthening the information security system and promotion with the establishment of the CSIRT
- Continuing education for employees to balance data utilization and information security
- Raising awareness of information security measures at overseas companies
- Strengthening technical and physical defense measures by restructuring system BCP measures
Accidents related to information security
In fiscal 2023, there were no serious incidents related to information security, such as the leakage of personal information.
Protection of personal information
Recognizing the importance of protecting personal information, we comply with laws and regulations regarding the handling of personal information, and take steps to appropriately handle and protect personal information. We have established a "Privacy Policy" and established "Personal Information Management Regulations." In addition, we have appointed a personal information manager in each department to appropriately manage information using a personal information ledger and strive to live up to the trust of our customers. We are also working on initiatives that take into account the laws and regulations of each country, including compliance with the GDPR (EU General Data Protection Regulation), which came into effect in the EU in May 2018.
Cyber security measures
In accordance with the Basic Policy on Risk Management, the Group needs to strengthen its ability as an organization to respond to unforeseen circumstances related to cyber incidents. For this reason, we have established "artience-CSIRT" as a system BCP structure, with the aim of minimizing damage and maintaining business continuity in the event of an emergency. In addition to rules and response procedures such as the Risk Management Implementation Rules, Emergency Response Regulations, and Information System Disaster Response Guidelines, we have also established the artience-CSIRT Establishment Guidelines and the Cyber Incident Response Manual to ensure internal awareness.
- Ensure that damage to information, which is an important asset, is reduced and eliminated.
- Always put the customer first and respond quickly and honestly.
- Be conscious of maintaining and improving your brand image without giving in to crimes caused by cyber attacks.
Security Incident Response System (FY2024)