Governance Cybersecurity

Policy and Basic Mindset

UBE Group Information Management Guidelines

We protect information and properly disclose our corporate information.

  1. We strive to protect personal information and the information of our business partners.
  2. We take every precaution in handling undisclosed corporate information (insider information) and the Group’s confidential information.
  3. We promptly and fairly disclose and supply accurate corporate information to stakeholders.

UBE Group Information Security Guidelines

  1. To help build a world of abundance by creating products, technologies, and services that deliver value, the UBE Group operates an information security framework to disclose, use, protect, and manage information as a corporation that has earned the trust and appreciation of society.
  2. The UBE Group strives to ensure that each officer and employee of the Group recognizes the importance of information assets and complies with relevant laws and regulations, by establishing internal rules, conducting employee education and raising awareness, and implementing information security measures. This is intended to fully secure information security systems, which have a tremendous impact on corporate activities. Additionally, in order to ensure that information security is maintained, we periodically inspect the information security related activities and continuously improve them.

Personal Information Protection (Privacy Policy)

The UBE Group has established the following Privacy Policy, and is taking initiatives to implement, maintain, and improve its measures for personal information protection.

  1. The UBE Group has established and shall comply with rules concerning the appropriate handling of personal information, taking into consideration the details and scale of the Group’s business. These rules pertain to the acquisition, usage, transfer, safekeeping, provision, and deletion of personal information.
  2. The UBE Group shall practice regulatory compliance with laws and ordinances concerning personal information protection.
  3. The UBE Group will carry out safety measures to ensure against incidents such as the loss, destruction, falsification, and leakage of personal information. Furthermore, the Group will act quickly to implement necessary corrective actions should any such incident occur.
  4. The UBE Group will regularly reassess and improve its policy on personal information protection.

Management System

Information Security Operation System

The UBE Group designates an Information Security Officer as the person with the highest responsibility for information security. The Information Security Committee supports and advises the Information Security Officer by proposing and discussing critical matters related to information security. This provides a framework for the Group to implement various initiatives designed to maintain information security.


Targets and Performance

We recognize cybersecurity as an important management risk, and we have created the following categories for security measures while building information security systems.

Management Measures (Organizations and People)

  • Create internal systems, regulations and standards related to information security and formulate plans on information security measures (Plan), carry out such measures (Do), and continually improve them (Check/Action).
  • Raise employee understanding of security through development activities, such as education on information security, targeted email attack drills, and security-related reminders.

Physical Measures

  • Manage office entrances and exits and strengthen security measures, such as the maintenance of site boundaries and monitoring of entry gates at factories and other such locations.

Technological Measures

  • Respond appropriately to increasingly sophisticated cyberattacks and strengthen security measures through a framework supporting the proactive use of IoT and ICT.

Initiatives

The department in charge of information security designates targets for each countermeasure (KPI) and strengthens security measures.

Addressing Risks and Evaluating Measures

  • We evaluate the effectiveness of our responses to each of the various security guidelines using response evaluation tools provided by third parties, compare the results to industry averages, and revise measures that lag behind. (Guidelines include the Ministry of Economy, Trade and Industry's Cybersecurity Management Guidelines, the NIST Cybersecurity Framework, etc.)

Employee Education and Drills

  • Information Security Education
    Annual e-Learning for all employees
  • Targeted Attack E-mail Drills
    Drills and follow-up checks conducted twice annually for all employees that use email
  • Security Incident Response Drills
    We organize a Computer Security Incident Response Team (CSIRT), which conducts annual drills simulating an anticipated virus infection and checks systems to ensure that damage from security incidents is kept to a minimum.
  • IT-BCP Drills
    We prepare for the unlikely possibility of a disaster affecting our data centers by verifying the system environments and structures needed to restart business systems at backup sites.

Internal Audits

We regularly audit our status regarding internal information security as well as conformity and compliance with ISO and other standards. Audit reports and recommendations regarding revisions are given to information security supervisors.