Information Security
Kureha Group has basic policies for information security and maintains the availability, integrity, and confidentiality of the information assets of our Group, managing information appropriately with an information security management system, and avoiding the occurrence of major incidents related to information management that affect the sustainability of management.
Policy/Policies
Kureha Group Basic Policy on Information Security
Establishing safe and reliable controls for appropriate sharing and utilizing of all business-related information is one of our most important management issues. Kureha Group's basic policy on information security is as follows:
Kureha Group Basic Policy on Information Security
- Kureha Group will maintain the availability, integrity, and confidentiality of our information assets and promote appropriate information security management activities.
- Based on the entire group's continual efforts to improve the information security, Kureha Group will continue to provide education so that every employee can recognize the importance of information security and put it into practice.
- Kureha Group will carry out risk assessments on their respective information assets and take appropriate risk management measures.
- Kureha Group will strictly adhere to relevant laws and regulations.
Basic Information Security Policy
Kureha Corporation recognizes the establishment of secure and reliable management for appropriate sharing and use of all information concerning business activities as one of the priority issues for management and sets out the following as its basic policy on information security.
Management Structure
GRI 2-24
In accordance with our corporate governance structure, the Board of Directors oversees information security and makes decisions on important matters such as the Basic Policy on Information Security. The Sustainability Committee, an advisory body to the Board of Directors, meets twice a year in principle to monitor sustainability issues to be addressed by the Group, including information security, and makes recommendations to the Board of Directors. As an executive function, the Sustainability Committee formulates specific plans for the Group as a whole regarding sustainability issues, including information security, and manages the progress of these plans.
We have an Information Security Subcommittee under the Sustainability Coordination Committee, and have built and operate an Information Security Management System (ISMS) conforming to JIS Q 27001:2014 in order to effect continuous improvements to our information security. In fiscal 2019, we set up a Computer Security Incident Response Team (CSIRT) and a system to minimize information security incidents. We are also undertaking a review of our workflows and systems to address major threats and enable immediate action by the CSIRT.
Target(s) and What We Have Done/Are Doing
| KPI | Company/ companies |
FY2019 Results |
FY2020 Results |
FY2021 Results |
FY2022 Results |
FY2023 Results |
FY2025 Target |
|---|---|---|---|---|---|---|---|
| Number of security incidents affecting management |
Kureha | 0 | 0 | 0 | 0 | 0 | 0 |
| Group Companies in Japan | 0 | 0 | 0 | 0 | 0 | 0 | |
| Overseas Group Companies | 0 | 0 | 0 | 0 | 0 | 0 | |
| Number of incidents of personal information leaks |
Kureha | 0 | 0 | 0 | 0 | 0 | 0 |
| Group Companies in Japan | 0 | 0 | 0 | 0 | 0 | 0 | |
| Overseas Group Companies | 0 | 0 | 0 | 0 | 0 | 0 |
Initiative(s)/Activity(ies)
Countermeasures to Cyberattacks
We have systems to detect and block incoming cyberattacks and to minimize damage when intrusion is detected. We maintain stable operation of the system through 24/7 year-round monitoring by a security vendor.
Risk Assessment of Information Assets
We are reducing risk by systematically assessing the security risks of our information assets and implementing countermeasures.
Preventing Information Leaks
We maintain a system of high-level security at all times through regular diagnostics by security vendors and through measures to strengthen security in response to cyberattacks, which are increasing in sophistication and ingenuity day by day.
Education and Training about Information Security
We continually provide information security education to all employees. We also conduct drills that simulate targeted email attacks to train users in proper responses to suspicious email.
Information Security Measures for Telecommuting
We have established a user's guide for the telecommuting system introduced in July 2022 detailing the concept of information security and various rules for doing work at home, and have stipulated compliance with the guide as one of the conditions for applying telecommuting.
Countermeasures to Information System Disasters
We have introduced cloud services that incorporate disaster countermeasure environments for our enterprise system and internal email system. We make use of robust data centers in Japan, taking into account disaster countermeasures for our electronic file system as well.
- Sustainability
- Message from the President
- Kureha Group's Sustainability
-
Environmental Report
- Environmental Management
- Overview of Environmental Impact
- Climate Change (TCFD Recommendation-based Disclosure)
- Recycling of Resources, Proper Management and Disposal of Waste
- Management of Chemical Substances, Prevention of Air Pollution, Water Use and Prevention of Water Pollution
- Addressing Biodiversity
- Social Report
- Governance Report
- Contributing to the Solution of Environmental and Social Issues through Our Business
- GRI Standards Content Index/SASB Content Index
- ESG Data Collection
- Sustainability Report Archive
- External Recognition
- Sustainability Site Editing Policy and Contents of the Report