Information Security Policy
We regard all of our own information assets as one of our management resources. Through the proper protection and effective use of our information assets, we pursue healthy maintenance and development of our business.
- We establish rules that clearly define the system and responsibilities for the protection and management of all the information assets including the information we keep for our customers, the know-how and intellectual properties owned by our group, and personal information.
- We comply with laws, ordinances, and regulations regarding information security.
- We educate all executives and employees who handle information assets about the importance of information security, and about specific items to be observed.
- We continuously update the information infrastructure for the maintenance and improvement of the confidentiality, integrity, and availability of all the information assets.
- We promote measures to prevent accidents in order to address the risks of information leakage associated with the continuous advancement and sophistication of information technology. Should an accident occur, we will strive to minimize the damage and take preventive measures against recurrence.
The director in charge of the Information System Dept. serves as the Chief Administrator to ensure information security. We also have our Information Security Committee chaired by the Chief Administrator with an eye to increasing the effectiveness of our information security management and reducing security risks regarding the NGK SPARK PLUG Group’s information assets through the concerted effort of the management team and on-site workers. We foster appropriate measures by checking how information security activities are conducted across the Group.
For confidentiality management, we have a working group on confidentiality management that reports to the Risk Management Committee. The working group is tasked with identifying and reducing the risks related to the management of confidential information and protection of personal information.
Information Security Management System
We are in the process of establishing an information security management system. In 2020, we obtained TISAX (Trusted Information Security Assessment Exchange) certification, an information security assessment standard for the automotive industry supply chain.
We are continuously implementing measures to deal with the types of information security risks that pose a threat to companies and other organizations. In response to the recent increase of damage caused by cyberattacks, we have established a Computer Security Incident Response Team (CSIRT). We are thus working to improve the level and sophistication of our information security with a focus on both preventive and follow-up measures.
The working group on confidentiality management annually inspects the company-wide status of confidentiality management based on the confidentiality management rules set by the company. The inspection includes self-inspection by each department and mutual inspection between departments. The inspection items are reviewed according to the broader progress of informatization in society for the enhancement of the checking function.
Furthermore, in addition to the rules on the in-house handling of confidential information, we have also established rules on the use of confidential information outside the company in order to prevent the leaking of such information, including rules on the use of portable computers and cloud services, and we monitor compliance with the rules.
Protection of Personal Information
As exemplified by the General Data Protection Regulation (GDPR) enforced in Europe, measures to protect personal information have been enhanced globally. In response, the NGK SPARK PLUG Group has set a range of internal rules to appropriately protect, manage and handle the personal information of its customers and employees.