In line with the Information Security Basic Policies, the Idemitsu Group is endeavoring to ensure the confidentiality of its information assets and to simultaneously secure the accessibility and security of its information systems and networks. Utilizing information technologies, Idemistu is thus striving to maintain and enhance the level of customer services. In addition, Idemitsu has established the Customer Information Management Standards to appropriately collect and use customer information, keeping it up to date while safeguarding it. The standards also mandate the proper disposal of such information.

As part of our thoroughgoing information management measures, we mandate that all IT system users (including permanent and temporary employees as well as subcontractors) periodically undergo educational programs, such as Security Standards for the Use of IT Systems. At the same time, each division carries out an autonomous inspection of information management every year and data security audits are implemented as part of periodic internal audits. Should information leakage occur, the incident will be handled in accordance with the “Crisis Response Rules,” and the Information Control Guidelines.

1. The Idemitsu Group shall endeavor to ensure the secrecy of its information assets, secure the availability and security of its information systems and networks, and enhance the level of customer services by employing information technologies.
2. The Idemitsu Group shall put in place appropriate protective measures to prevent the leakage, falsification or destruction of customer information.
3. The Idemitsu Group shall strive to secure the availability and security of its information systems and networks and protect their secrecy, in an effort to prevent information-related incidents that may cause troubles to customers, business partners and other stakeholders.
4. The Idemitsu Group shall ensure that all employees, temporally staff and vendors are aware of the importance of information security and property educated about the use of information and information systems by providing them with training and otherwise raising their awareness.
5. The Idemitsu Group shall conduct periodic audits aimed at inspecting and evaluating the status of security policy compliance, thereby ensuring robust information security.

Information security education via e-learning

We provide annual e-learning programs (in Japanese, English and Chinese) to instill information security rules that must be observed by all IT system users. Targeting all Group employees at home and abroad, the 2020 round of these programs was implemented during the March – April 2020 period and completed by a total of 14,545 people, or 100% of targeted individuals.

Specialized e-learning program

In FY2019, we also launched e-learning programs for employees tasked with handling or administering control systems. The 2020 round of this program was implemented during the February – March 2020 period and completed by a total of 4,516 people, or 100% of targeted individuals.

Training on the handling of suspicious e-mails

On a quarterly basis, we implement training focused on handling targeted e-mail attacks, with the aim of mitigating the risk of contracting computer virus infections borne by suspicious e-mails and raising cybersecurity awareness among employees.

In-house newsletters designed to raise employee awareness

We distribute the monthly cybersecurity newsletter via e-mail, calling employees’ attention to relevant cybersecurity-related topics and thereby raising their awareness.

Information Systems Department organized IT Summit 2019 in Sapporo from November 25 to 28, 2019. The purpose of this summit is to share knowledge on IT tools utilization as well as to enhance digital security awareness in performing daily business operations, mainly for IT PIC (person in charge) from Idemitsu’s overseas bases. It is our company’s 2nd IT Summit after holding the first one in Singapore in 2018.

Thirty participants from 16 offices in Japan and overseas attended lectures on effective use of Idemitsu’s internal IT system and security trends. They also shared the IT issues faced by respective offices and gained feedback from other participants. Security risks in daily operations and their countermeasures were also discussed proactively. All participants from various countries had a great opportunity to directly communicate and share information and knowledge with each other. IT plays an important role in our company to support sustainable business growth and in the future, and in the future we will focus on discussion regarding specific IT issues faced by respective departments.