In line with the Information Security Basic Policies, the Idemitsu Group is endeavoring to ensure the secrecy of its information assets and secure the availability and security of information systems and networks. Utilizing information technologies, Idemistu thus striving to maintain and enhance the level of customer services. In addition, Idemitsu has established the Customer Information Management Standards to appropriately collect and use customer information, and store it safely and at the latest status. The standards also mandate the proper disposal of such information.
We also implement periodic staff education on Security standards for the Use of IT Systems for all employees as part of our thoroughgoing information management measures. At the same time, autonomous inspection of information management is implemented by each division while data security audits are implemented through periodic business operation audits by the Internal Audit Office. When information leakage occurs, the incident is handled in accordance with the Guidelines on How to Deal with a Crisis, and the Information Control Guidelines.

 

• Unit：%

Idemitsu Group	e-learning enrollment rate	100
Showa Shell Group	IT security web learning enrollment rate	100

1. The Idemitsu Group shall endeavor to ensure the secrecy of its information assets, secure the availability and security of its information systems and networks, and enhance the level of customer services by employing information technologies.
2. The Idemitsu Group shall put in place appropriate protective measures to prevent the leakage, falsification or destruction of customer information.
3. The Idemitsu Group shall strive to secure the availability and security of its information systems and networks and protect their secrecy, in an effort to prevent information-related incidents that may cause troubles to customers, business partners and other stakeholders.
4. The Idemitsu Group shall ensure that all employees, temporally staff and vendors are aware of the importance of information security and property educated about the use of information and information systems by providing them with training and otherwise raising their awareness.
5. The Idemitsu Group shall conduct periodic audits aimed at inspecting and evaluating the status of security policy compliance, thereby ensuring robust information security.

Information Systems Department organized IT Summit 2019 in Sapporo from November 25 to 28, 2019. The purpose of this summit is to share knowledge on IT tools utilization as well as to enhance digital security awareness in performing daily business operations, mainly for IT PIC (person in charge) from Idemitsu’s overseas bases. It is our company’s 2nd IT Summit after holding the first one in Singapore in 2018.
Thirty participants from 16 offices in Japan and overseas attended lectures on effective use of Idemitsu’s internal IT system and security trends. They also shared the IT issues faced by respective offices and gained feedback from other participants. Security risks in daily operations and their countermeasures were also discussed proactively. All participants from various countries had a great opportunity to directly communicate and share information and knowledge with each other. IT plays an important role in our company to support sustainable business growth and in the future, and in the future we will focus on discussion regarding specific IT issues faced by respective departments.