page top

Location of this page

Information Security

Policy

Approach

The SG Holdings Group considers the protection of information assets an important social responsibility. We have formulated an "Information Security Basic Policy" and a "Personal Information Protection Policy" and work toward strengthening information security.

Information Security Basic Policy

SG Holdings Co., Ltd. (the "Company"), aiming to contribute to economic development and striving to be a business broadly useful to society, considers the protection of the Company's information assets, including the information received from customers, a key social responsibility and to that end has formulated the Information Security Basic Policy (the "Basic Policy") shown below. The Company continues to work to effectively implement and enhance information security.

  1. 01Enactment and Implementation of Internal Rules

    The Company will establish information security regulations and other relevant regulations based on the Basic Policy and implement information security measures.

  2. 02Establishment of an Information Security Management System

    The Company will establish a management system for ensuring information security and also build and employ a system for coordinating as necessary with external entities.

  3. 03Information Security Measures

    The Company will adopt appropriate information security measures and work to prevent alteration, loss, leakage, improper access or other interference with the use of information assets.

  4. 04Continuing Education

    The Company will work to ensure that all officers and employees, etc. are fully cognizant of the Basic Policy and will conduct necessary education on information security on an ongoing basis.

  5. 05 Incident Response

    If an information security incident occurs, the Company will promptly investigate the cause, work to prevent the expansion of damage and take steps to prevent a reoccurrence.

  6. 06Compliance with Laws and Regulations, etc.

    The Company will strictly comply with all laws and regulations and internal rules, etc.
    concerning information security.

  7. 07Evaluation and Review of Information Security Activities

    The Company will periodically review whether information security is being appropriately enforced and supported and implement remedial measures as needed.

Effective September 21, 2014

Fiscal 2017 Goals and Results

Information Security

Boundary: Scope of application of goal
Related SDGs: Targets of SDGs (sustainable development goals) closely related to the goal

Scroll from left to right

Fiscal 2017 Goals KPI Results and progress of fiscal 2017 initiatives Boundary Related SDGs
Sagawa Express Japan Overseas
Identification and adoption of steps to mitigate the risks facing the Group as a whole and, as a business responsible for social infrastructure, attainment of a high level of crisis management
  • One Information security training session
  • Two Targeted e-mail attack response training sessions
  • One Information security training session held
  • Two Targeted e-mail attack response training sessions held
Some Business Locations 4.7

Systems

SGH-CSIRT

Enhanced information security management systems are now more critical than ever as the potential danger from a wide range of cyberattacks originating outside the company has grown significantly over the past several years. Therefore, at the SG Holdings Group, in addition to existing management systems, we have established the SGH-CSIRT (Computer Security Incident Response Team) for the purpose of minimizing damage to the extent possible in the event of a cybersecurity incident and ensuring early recovery of the affected IT systems.

Initiatives

Security Assessment

Security assessment is an essential tool for evaluating the effectiveness of cybersecurity management systems in order to prevent serious information security incidents.
Specifically, what this means is setting of a target level of cybersecurity upon evaluation of the internal and external environment in which IT systems operate, identifying the challenges to attaining that level and proposing and prioritizing the required solutions. SG Systems is responsible for conducting security assessments and developing effective security enhancement plans for the entire Group.

Educational Activities

We conduct ongoing education and dissemination of information on cybersecurity to all employees in Japan.

Type of Activity Target individuals Frequency

Reading jointly the "SG Holdings Group Security Handbook" and taking a test on its contents

All employees in Japan Annually (in July)

Targeted e-mail attack response training

*Follow-up e-training for employees who open the attached file or click on the link provided

All employees in Japan Twice a year (in the first half and the second half respectively)

page top