In line with the Information Security Basic Policies, the Idemitsu Group is endeavoring to ensure the confidentiality of its information assets and to simultaneously secure the accessibility and security of its information systems and networks. Utilizing information technologies, Idemistu is thus striving to maintain and enhance the level of customer services. In addition, Idemitsu has established the Customer Information Management Standards to appropriately collect and use customer information, keeping it up to date while safeguarding it. The standards also mandate the proper disposal of such information.
As part of our thoroughgoing information management measures, we mandate that all IT system users (including permanent and temporary employees as well as subcontractors) periodically undergo educational programs, such as Security Standards for the Use of IT Systems. At the same time, each division carries out an autonomous inspection of information management every year and data security audits are implemented as part of periodic internal audits. Should information leakage occur, the incident will be handled in accordance with the “Crisis Response Rules,” and the Information Control Guidelines.
We provide annual e-learning programs (in Japanese, English and Chinese) to instill information security rules that must be observed by all IT system users. Targeting all Group employees at home and abroad, the 2020 round of these programs was implemented during the March – April 2020 period and completed by a total of 14,545 people, or 100% of targeted individuals.
In FY2019, we also launched e-learning programs for employees tasked with handling or administering control systems. The 2020 round of this program was implemented during the February – March 2020 period and completed by a total of 4,516 people, or 100% of targeted individuals.
On a quarterly basis, we implement training focused on handling targeted e-mail attacks, with the aim of mitigating the risk of contracting computer virus infections borne by suspicious e-mails and raising cybersecurity awareness among employees.
We distribute the monthly cybersecurity newsletter via e-mail, calling employees’ attention to relevant cybersecurity-related topics and thereby raising their awareness.
Information Systems Department organized IT Summit 2019 in Sapporo from November 25 to 28, 2019. The purpose of this summit is to share knowledge on IT tools utilization as well as to enhance digital security awareness in performing daily business operations, mainly for IT PIC (person in charge) from Idemitsu’s overseas bases. It is our company’s 2nd IT Summit after holding the first one in Singapore in 2018.
Thirty participants from 16 offices in Japan and overseas attended lectures on effective use of Idemitsu’s internal IT system and security trends. They also shared the IT issues faced by respective offices and gained feedback from other participants. Security risks in daily operations and their countermeasures were also discussed proactively. All participants from various countries had a great opportunity to directly communicate and share information and knowledge with each other. IT plays an important role in our company to support sustainable business growth and in the future, and in the future we will focus on discussion regarding specific IT issues faced by respective departments.