Information Systems Security Policy

The Daicel Group has established an Information Systems Security Policy as a master guideline for information security.

Article 1 (Principles and Purpose)
All employees of the Daicel Group will seek to maintain information system security in accordance with the Information Systems Security Policy and related regulations.
Article 2 (Rules)
Employees of the Daicel Group will comply with the following rules.
Information system assets are defined as all information system equipment, facilities, software, and information under the management of the Daicel Group.
  • Exercise appropriate management to prevent damage, theft, information leakage, and tampering with regard to information system assets.
  • Maintain public trust in the Daicel Group by using information system assets appropriately.
  • Ensure the smooth execution of operations by using information system assets appropriately.
  • Avoid causing damage both inside and outside the Daicel Group as a result of inappropriate use of information system assets, information leakage, or tampering.

Revised July 6, 2022

System for Maintaining Information Security and Responding to Security Incidents

To ensure compliance with our Information Systems Security Policy, Daicel has established a system for maintaining information security and responding to security incidents by appointing a supervisor or person in charge in every Daicel department and Group company under the chief information security officer (CISO).
An information security control team has been set up in the Information System Department to execute tasks such as managing normal information security operations and providing direct instructions and support to the departments and IT asset owners faced with security incidents.
In the event of a cyber incident, we will promptly set up a response headquarters and organize a Computer Security Incident Response Team (CSIRT) in accordance with the response manual. At the same time, we will carry out the work of “temporary recovery” and “main recovery” through the following steps: isolation to prevent the spread of virus infections; understanding the current situation to grasp the state and extent of the damage; formulation of policies for recovery; and investigation and eradication, conducted according to the state of the damage and in accordance with the response policy.

Information System User Rules have been established that stipulate information security rules to be observed when using systems. In an effort to maintain information security by all IT asset owners and users of information systems, the rules on information security and contact points to be applied in the event of system anomalies have been compiled in a handbook that is distributed to all employees, and the consequences for rule violations have been described in the Disciplinary Action Policy.
For overall information management matters not limited to the use of information systems, proper management is conducted according to the Information Management Regulations and Confidential Information Management Regulations.
The status of information system security operations of each division and each Daicel Group company is confirmed through the internal audit conducted every fiscal year, and the results are reported from the Auditing Office to the Board of Directors and the Audit & Supervisory Board.

Information Management

Countermeasure Policies Regarding Information Security

As we manage more information system assets, including enhancements to the teleworking environment for realizing diverse work styles and the introduction of AI and IoT technologies for raising productivity, we face an increasing number of sophisticated cyberattacks and other such factors that may cause information security incidents. Daicel is implementing the following measures to maintain the status of compliance with the rules laid out in our Basic Policies amid continuously changing internal and external circumstances.

  • Prevention, detection, and recovery of incidents
  • Revision based on the CAPD cycle*

*Instead of a Plan, Do, Check, and Act (PDCA) cycle, the most widely known approach to continuous improvement, Daicel has adopted a CAPD improvement cycle to avoid the risk of overlooking crucial facts and realities that often lie hidden in the initial planning stage.

Prevention, Detection, and the Recovery of Incidents

In parallel with measures for preventing incidents, the Daicel Group has implemented measures to minimize damage by providing speedy detection and recovery of incidents, based on the philosophy that it is impossible to prevent them completely. We have established a response system to anticipate the occurrence of cybersecurity incidents, have prepared response manuals, and regularly conduct incident response drills. In FY2024/3, we conducted two incident response drills with security companies and internal stakeholders, and will also conduct them in FY2025/3. We also began using vulnerability detection tools for evaluation to check for vulnerabilities in each information system in FY2024/3. In FY2024/3, this was carried out in conjunction with tool selection assessment. We are also taking gradual steps to implement measures in response to changes in communication channels and methods of information sharing, such as direct access to the cloud services from home and other remote workplaces.

Prevention and Detection of Problems and Recovery of Operations

Stage: Main Measures
Prevention
  • Install firewalls to separate mutual access points between office networks, control networks, and external networks
  • Reject unauthorized communications and illegal communications that have been identified
  • Measures to improve our multifactor authentication for system logins
  • Prevent operations via private devices and unauthorized cloud services
  • Prevent information leakage caused by the loss of devices that are taken outside the Company
  • Obtain information from relevant institutions
  • Provide information to employees and periodically conduct education and training (drills designed to respond to targeted attacks and other training)
Detection
  • EDR* software usage and 24/7 monitoring and error reporting of unauthorized communications via special vendors

    *Endpoint Detection and Response

  • Implement long-term storage of logs of critical systems and automatically detect anomalies
  • Establish contact points to address anomalies, loss of devices, and other emergencies
Recovery
  • Respond in accordance with the system for maintaining information security
  • Regularly back up critical servers
  • Contract with a specialized vendor to receive support for incident responses

As in our response to information security incidents, we respond to natural disasters that may cause large-scale system suspensions by designating recovery targets for each system in accordance with their relative importance, and we take action to achieve those targets. These measures include reviewing the location and facilities of contracted data centers as well as efforts based on system design such as replication and operational design.

Strengthening BCP Management for Areas Other than Information Systems

Revision Based on the CAPD Cycle*

To prevent any loss in the effectiveness of measures due to outdated content and inappropriate operation, we regularly undergo internal and external checks and incorporate the resulting instructions and issues when planning and implementing the measures.

*Instead of a Plan, Do, Check, and Act (PDCA) cycle, the most widely known approach to continuous improvement, Daicel has adopted a CAPD improvement cycle to avoid the risk of overlooking crucial facts and realities that often lie hidden in the initial planning stage.

CAPD Cycle

*Computer Security Incident Response Team

Status of Compliance with the Information Systems Security Policy

In FY2024/3, there were no information or cyber security violations of regulations by Daicel Group employees, including violations that would impact the Group’s business. As a result of an investigation into the unauthorized access incident against our Group companies that occurred in July 2023, we confirmed there was no leakage of personal information or confidential information of customers or business partners to the outside.
With the cooperation of external specialized organizations, we are working to prevent recurrence and strengthen information security.

Information Management

The Ethical Standards of Daicel Group stipulates that we will “commit to the safeguarding of our company’s and third parties’ confidential information, including personal data, by maintaining an effective […] system.” In accordance with these standards, we have formulated Information Management Regulations that stipulate the basic handling of information, and we are managing information properly and appropriately.

In addition to the details of the duties of officers and employees for information management, these regulations stipulate that the heads of SBUs, corporate divisions, plants, and sites must establish and maintain the information management system of their respective areas as the person responsible for information management.

We have established the Confidential Information Management Regulations for the purpose of maintaining the confidentiality of confidential information and managing confidential information properly and appropriately while preventing leakage. These regulations define the basic handling of other confidential information in our business activities, including technical, operational, management, and personal information held by us, and are administered by each department under the person responsible for information management.