Jump to section
View Sumitomo Corporation's Sustainability : Information Security
The Company acknowledges the importance of ensuring information security, and maintains appropriate measures including, but not limited to, the establishment and maintenance of relevant rules, primarily through IT Strategy Committee, which is chaired by the Chief Information Officer (CIO). In October 2017, a new Information Security Policy was established.
Sumitomo Corporation acknowledges the importance of ensuring information security and wishes to further enhance the company's trustworthiness in its business operations. Therefore, Sumitomo Corporation shall implement appropriate measures including, but not limited to, the establishment and maintenance of relevant rules and guidelines so as to responsibly manage information assets on a consolidated basis globally and shall review them regularly.
Sumitomo Corporation shall comply with any applicable local, regional, national and international laws and regulations in relation to information security.
Sumitomo Corporation shall preserve confidentiality, integrity and availability through responsibly managing all information assets including personal data and shall take all reasonable precautions in order to prevent unapproved disclosure, loss or impairment of such data.
Whilst making the utmost endeavor to prevent information security incidents from occurring, in the unlikely event such an incident should occur, Sumitomo Corporation shall respond promptly to the incident and implement whatever preventive measures are necessary to avoid recurrence.
Sumitomo Corporation shall regularly promote and maintain the provision of information security education including, but not limited to, further heightening the awareness of the importance of responsibly managing information assets.
The information managers in each organization categorize information assets based on their importance, give instructions for procedures and methods in order to handle these assets adequately, and work to ensure information security, efficient information-related administrative procedures, and information sharing. For personal information, in addition to establishing a Privacy Policy to protect this as appropriate, we have put in place relevant rules and organizational structures.
We also work on initiatives to minimize risk related to unexpected situations involving information security, such as external attacks aimed at theft or destruction of corporate information. As well as using system-based safeguards, we conduct ongoing training and drills for employees while establishing and monitoring systems at major subsidiaries and other group entities. The Company also coordinates with specialized third-party organizations to stay up-to-date on relevant information and to enable swift and appropriate responses.
