The Mitsubishi Chemical (MCC) Group undertakes information management in line with the Mitsubishi Chemical Group Information Security Policy. Under this policy, the MCC Group strives to protect its information assets and, in the event of an information security incident, acts to minimize the impact on its businesses and quickly resume any interrupted operations. Furthermore, the MCC Group works to raise employee awareness of the importance of protecting information assets while striving to maintain and improve the efficacy of its information security as part of efforts to prevent business interruptions and the loss of society’s trust due to such problems as information leaks or falsification.
The MCC Group maintains, manages and works to enhance all aspects of information security, including documents and data, information systems, and plant controls, on a Group-wide basis under the leadership of the Information Security Committee, established per the Mitsubishi Chemical Group Information Security Policy.
In addition, to counter increasingly sophisticated cyber attacks, the Mitsubishi Chemical Holdings Group Information System Security Subcommittee enforces a PDCA cycle for the entire Mitsubishi Chemical Holdings Group, working to maintain and strengthen information security.
Defensive Measures Against Threats to Computer Networks
The MCC Group has both technological and management measures in place to ensure network security. Technological measures include entrance safeguards, such as e-mail filters, as well as exit safeguards, such as systems that block access from within the network to websites that present security risks. In terms of management measures, the Group regularly urges caution against suspicious e-mails and conducts training drills.
Measures to Prevent Leaks of Personal Information and the Confidential Information of Customers and Third Parties
MCC has established its own Rules on Handling Personal Information and strives to ensure strict compliance with the Act on Protection of Personal Information, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures and other relevant laws, regulations and guidelines as well as the E.U. General Data Protection Regulation (GDPR) promulgated in May 2018.
As part of measures to prevent information leaks, MCC is taking such steps as strengthening the management of electromagnetic recording media and restricting access to the Internet.
Internal Education and Training
The MCC Group regularly conducts awareness-raising and training events for employees to promote strict information management. Moreover, information security training via e-learning is implemented every year, and information security training education is built into the employee training curriculum.