Aiming to gain even greater trust from its stakeholders, the NGK Group is working diligently to strengthen corporate governance, promote compliance, and enhance risk management.
To ensure the proper management and use of information assets, the NGK Group CSR Committee’s Security Subcommittee takes responsibility for supervising overall information security, and supports the General Aff airs and Information Systems divisions in their eff orts regarding personal information and document security control, IT network security control, and other issues.
The rapid pace at which information and communications technology and devices have evolved in recent years has led to gaps in the level of IT security management among Group companies in terms of systems and operations, security education, and other areas. This situation has made the quest for consistent IT security on a Group-wide level an urgent concern.
For this reason, we conducted a survey in October 2009 of the status of IT security measures at each Group company, with the goal of developing an IT security structure based on commonly shared Group standards. Based on the results of the survey, in August 2010 we formulated the NGK Group IT Security Standards, consisting of regulations, countermeasure guidelines, and self-diagnostic sheets shared by all Group companies. Copies of the standards were distributed in Japanese, English and Chinese. From August, all Group companies conducted risk assessment and self-diagnosis based on a checklist of 300 items, creating countermeasure guidelines ordered by priority and tailored to their specific business formats and security status. The companies then drafted action plans for countermeasure enactment in order to systematically improve their IT security level.
Furthermore, to advance these standards in the shortest time possible, the Information Technology Department and Corporate Strategy Office paid visits directly to Group companies worldwide to explain the rationale for formulating standards, the importance of having such countermeasures, and regulation details. At the same time, the department and office provided support for conducting risk assessment and enacting countermeasure action plans as part of meticulous initiatives that were carried out.
In fiscal 2011, visits will again be paid to Group companies to follow up on the enactment status of countermeasure action plans formulated in the previous fiscal year. Outcomes will then be evaluated to raise performance levels further.
In fiscal 2010, we took steps to reduce the risk of information leaks associated with removable storage media by limiting the storage of information on USB memory and other removable storage media and extensively managing the possession of such devices.
In terms of IT security education, in addition to group training on the topic for new recruits and employees newly promoted to supervisory and management positions, we implemented e-learning-based training for all PC users. We also held presentations for PC network managers in every division in order to further raise awareness of the recently revised regulations and guidelines concerning IT security measures.
In fiscal 2011, we intend to enhance training on IT security at Group companies, thereby boosting consciousness regarding IT security.
Manager,
Information Technology Dept.
Shigeki Hayashi
At Group companies in China, the issue we faced was that while interest in IT security was high among managers and supervisory personnel, the kinds of initiatives that should be taken remained unclear. The adoption now of the IT Security Standards has enabled every company to clarify the measures needed and to take steps to systematically improve its level of security.
