Jump to section
View Sumitomo Corporation's Sustainability : Information Security
Recognizing the importance of information security, Sumitomo Corporation, led by the IT Strategy Committee chaired by the Chief Information Officer (CIO), has established an Information Security Policy and other relevant regulations, and works to ensure information security and the appropriate management of information assets. For personal information, we operate a Privacy Policy and have put in place relevant regulations and organizational structures to ensure appropriate protection.
Sumitomo Corporation acknowledges the importance of ensuring information security, and wishes to further enhance the company's trustworthiness in its business operations. Therefore, Sumitomo Corporation shall implement appropriate measures including, but not limited to, the establishment and maintenance of relevant rules and guidelines so as to responsibly manage information assets on a consolidated basis globally and shall review them regularly.
Sumitomo Corporation shall comply with any applicable local, regional, national and international laws and regulations in relation to information security.
Sumitomo Corporation shall preserve confidentiality, integrity and availability through responsibly managing all information assets including personal data, and shall take all reasonable precautions in order to prevent unapproved disclosure, loss or impairment of such data.
Whilst making the utmost endeavour to prevent information security incidents from occurring, in the unlikely event such an incident should occur, Sumitomo Corporation shall respond promptly to the incident and implement whatever preventive measures are necessary to avoid recurrence.
Sumitomo Corporation shall regularly promote and maintain the provision of information security education including, but not limited to, further heightening the awareness of the importance of responsibly managing information assets.
We also take steps to minimize the risk from unexpected situations involving information security, such as external attacks aimed for instance at theft or destruction of corporate information through collaboration with external specialized agencies. In addition to system-based safeguards, we conduct continuous training and drills for officers and employees and system monitoring and upgrades covering our major subsidiaries and other group entities.
Furthermore, we have assigned information managers to each organization. These people classify information assets according to their importance and provide instructions on how to handle them, thereby ensuring overall information security.
