In line with the Information Security Basic Policies, the Idemitsu Group is endeavoring to ensure the confidentiality of its information assets and to simultaneously secure the accessibility and security of its information systems and networks. Utilizing information technologies, Idemitsu is thus striving to maintain and enhance the level of customer services. In addition, Idemitsu has established the Customer Information Management Standards to appropriately collect and use customer information, keeping it up to date while safeguarding it. The standards also mandate the proper disposal of such information.

Furthermore, we mandate that every year all IT system users (including permanent and temporary employees as well as subcontractors) take “Security Standards for the Use of IT Systems,” an e-learning information security course aimed at ensuring that they practice thoroughgoing information management measures. At the same time, each department carries out an autonomous inspection of information management and data security audits are implemented on an annual basis as part of periodic internal audits. Should information leakage occur, the incident will be handled in accordance with the “Crisis Response Rules,” and the Information Control Guidelines.

1. The Idemitsu Group shall endeavor to ensure the secrecy of its information assets, secure the availability and security of its information systems and networks, and enhance the level of customer services by employing information technologies.
2. The Idemitsu Group shall put in place appropriate protective measures to prevent the leakage, falsification, or destruction of customer information.
3. TThe Idemitsu Group shall strive to secure the availability and security of its information systems and networks and protect their secrecy, in an effort to prevent information-related incidents that may cause trouble to customers, business partners, or other stakeholders.
4. The Idemitsu Group shall ensure that all employees, temporary staff, and vendors are aware of the importance of information security and educated on the proper use of information and information systems by providing them with training and otherwise raising their awareness.
5. The Idemitsu Group shall conduct periodic audits aimed at inspecting and evaluating the status of security policy compliance, thereby ensuring robust information security.

Information security education via e-learning

We provide annual e-learning programs (in Japanese, English and Chinese) to instill information security rules that must
be observed by all. Targeting all IT system users at home and abroad, the 2021 round of these programs was implemented
during the January – March 2021 period and completed by a total of 15,755 people, or 100% of targeted
individuals.

Specialized e-learning program

In FY2019, we also launched e-learning programs for employees tasked with handling or administering control systems. The 2020 round of this program was implemented during the January – March 2021 period and completed by a total of 5,297 people, or 100% of targeted individuals.

Training on the handling of suspicious e-mails

On a quarterly basis, we implement training focused on handling targeted e-mail attacks, with the aim of mitigating the risk of contracting computer virus infections borne by suspicious e-mails and raising cybersecurity awareness among employees.

In-house newsletters designed to raise employee awareness

We distribute the monthly cybersecurity newsletter via e-mail, calling employees’ attention to relevant cybersecurity-related topics and thereby raising their awareness.

Information Systems Department organized IT Summit 2019 in Sapporo from November 25 to 28, 2019. The purpose of this summit is to share knowledge on IT tools utilization as well as to enhance digital security awareness in performing daily business operations, mainly for IT PIC (person in charge) from Idemitsu’s overseas bases. It is our company’s 2nd IT Summit after holding the first one in Singapore in 2018.

Thirty participants from 16 offices in Japan and overseas attended lectures on effective use of Idemitsu’s internal IT system and security trends. They also shared the IT issues faced by respective offices and gained feedback from other participants. Security risks in daily operations and their countermeasures were also discussed proactively. All participants from various countries had a great opportunity to directly communicate and share information and knowledge with each other. IT plays an important role in our company to support sustainable business growth and in the future, and in the future we will focus on discussion regarding specific IT issues faced by respective departments.