Cybersecurity

Basic Policy

Digital innovation, which seeks to improve productivity and business competitiveness and to create new business models, is accelerating through the use of IT. At the same time, risks related to information systems, such as the growing sophistication of cyber-attacks, are also increasing. The purpose of cybersecurity is to properly manage information, information systems, and information communication networks, prevent leaks and losses, and minimize the impact of security incidents. As one of the critical infrastructure providers, we regard cyber security as an important management issue, and we will take measures from multiple angles (organizational, institutional, human, technical, and physical) and respond appropriately.

Management System

Sumitomo Chemical has constructed the following framework for information system security and industrial control system security, and is implementing PDCA cycles.

Security Framework for Information System and Industrial Control System


Goals and Results

We have established a security policy in accordance with the concept of ISMS (Information Security Management System), an international standard for the organization’s information security framework.
Our basic policy comprises multifaceted security measures (multilayered incident prevention and disaster mitigation), such as those outlined below.

Type of measure: Content of measure

Organizational measures
  • Constructed an information system and industrial control system security framework
  • Constructed an information-sharing framework with inside and outside organizations to ensure preparedness against security incidents

Systematic measures
  • Establish general standards and standards related to security, including for Group companies
  • Periodically conduct security self-inspections and conduct IT security internal audits that encompass Group companies

Personnel measures
  • Conduct periodic security education using e-learning system, etc.
  • Conduct alerts and security incident response exercises

Technological measures
  • Implement a range of measures, including access restriction, malware measures, and vulnerability measures, for individual servers and computers as well as networks

Physical measures
  • Use cloud servers complete with entry/exit controls and other security features

Examples of Initiatives

We have established a CSIRT (Computer Security Incident Response Team) in the information system security head department (IT Innovation Department). The team analyzes security information from external organizations, provides warnings to the Group, gathers information on security incidents that occur within the Group, and comprehensively manages the Group’s response.

Security Incident Response Framework


  1. IPA: Information-Technology Promotion Agency, Japan
  2. JPCERT/CC: Japan Computer Emergency Response Team Coordination Center

Looking Ahead

As a critical infrastructure operator, Sumitomo Chemical considers cyber security to be an important management issue and will continue responding to growing threats. By taking appropriate system security measures, we will continue to create more value with the aim of supporting the global expansion of business, solving issues in the international community, and enhancing quality of life.