The SG Holdings Group considers the protection of information assets an important social responsibility. We have formulated an "Information Security Basic Policy" and a "Personal Information Protection Policy" and work toward strengthening information security.
Information Security Basic Policy
SG Holdings Co., Ltd. (the "Company"), aiming to contribute to economic development and striving to be a business broadly useful to society, considers the protection of the Company's information assets, including the information received from customers, a key social responsibility and to that end has formulated the Information Security Basic Policy (the "Basic Policy") shown below. The Company continues to work to effectively implement and enhance information security.
- Enactment and Implementation of Internal Rules
The Company will establish information security regulations and other relevant regulations based on the Basic Policy and implement information security measures.
- Establishment of an Information Security Management System
The Company will establish a management system for ensuring information security and also build and employ a system for coordinating as necessary with external entities.
- Information Security Measures
The Company will adopt appropriate information security measures and work to prevent alteration, loss, leakage, improper access or other interference with the use of information assets.
- Continuing Education
The Company will work to ensure that all officers and employees, etc. are fully cognizant of the Basic Policy and will conduct necessary education on information security on an ongoing basis.
- Incident Response
If an information security incident occurs, the Company will promptly investigate the cause, work to prevent the expansion of damage and take steps to prevent a reoccurrence.
- Compliance with Laws and Regulations, etc.
The Company will strictly comply with all laws and regulations and internal rules, etc.
concerning information security.
- Evaluation and Review of Information Security Activities
The Company will periodically review whether information security is being appropriately enforced and supported and implement remedial measures as needed.
Effective September 21, 2014
Personal Information Protection Policy
Fiscal 2017 Goals and Results
Boundary: Scope of application of goal
Related SDGs: Targets of SDGs (sustainable development goals) closely related to the goal
Scroll from left to right
|Fiscal 2017 Goals||KPI||Results and progress of fiscal 2017 initiatives||Boundary||Related SDGs|
|Identification and adoption of steps to mitigate the risks facing the Group as a whole and, as a business responsible for social infrastructure, attainment of a high level of crisis management||
||✓||✓||Some Business Locations||4.7|
Enhanced information security management systems are now more critical than ever as the potential danger from a wide range of cyberattacks originating outside the company has grown significantly over the past several years. Therefore, at the SG Holdings Group, in addition to existing management systems, we have established the SGH-CSIRT (Computer Security Incident Response Team) for the purpose of minimizing damage to the extent possible in the event of a cybersecurity incident and ensuring early recovery of the affected IT systems.
Security assessment is an essential tool for evaluating the effectiveness of cybersecurity management systems in order to prevent serious information security incidents.
Specifically, what this means is setting of a target level of cybersecurity upon evaluation of the internal and external environment in which IT systems operate, identifying the challenges to attaining that level and proposing and prioritizing the required solutions. SG Systems is responsible for conducting security assessments and developing effective security enhancement plans for the entire Group.
We conduct ongoing education and dissemination of information on cybersecurity to all employees in Japan.
|Type of Activity||Target individuals||Frequency|
Reading jointly the "SG Holdings Group Security Handbook" and taking a test on its contents
|All employees in Japan||Annually (in July)|
Targeted e-mail attack response training
*Follow-up e-training for employees who open the attached file or click on the link provided
|All employees in Japan||Twice a year (in the first half and the second half respectively)|