Information security

Continuing to strengthen the information security framework and systems, including insider information management

We are aware that our businesses have a social infrastructure aspect, and so we work to protect client confidential information, including pre-disclosure insider information. To handle this information safely, we have devised an information security policy, and we have strengthened the related framework and systems. We also continue working to enhance the communications infrastructure, hardware and software, and to improve management in order to safely send, receive, process and store information.

To manage insider information, we restrict access via ID management and analyze and audit access records, in addition to isolating business areas and separating file servers. We are also working to bolster this area by developing and operating critical in-house systems. For example, the GENE-S.I.S. system assimilates past production control systems and integrates the management of processes from order to delivery. This system helps to increase operational efficiency, share information, and prevent mistakes and problems through increased visibility. At the same time, managing important and confidential information on a single system increases security and prevents both involvement by people who do not need access and exposure of the information. It therefore fulfills a major role in insider information management.

To combat the threat of cyberattacks from outside, we responded to the Cybersecurity Management Guidelines published by Japan's Ministry of Economy, Trade and Industry in 2015 and took steps to ensure that all provisions of our Cybersecurity Management Checklist are implemented swiftly based on management leadership. Based on analyses of the threat and reports made by the CISO*, the appropriateness of the threat response policy and risk management is assessed at the management level.

  • *CISO: Chief Information Security Officer

Figure: Conceptual Diagram of PRONEXUS Security Measures

  • Security measures: Multi-layered defense, Entrance measures, Incursion detection, Exit measures, ISMS-based rules, Operated by the CSIRT, Security training, etc.
  • Insider information management structure: Isolation of work areas, Network separation, Control within applications, Strict authorization settings and audit at the individual level, Insider information education, etc.

Figure: Insider Information Security Committee

  • Chairperson (president), Personal information protection manager, ISMS management head, Secretariat, Members, Internal Audit Office, CSIRT, SOC*2, ISO working member
  • *2 SOC: Security Operation Center

Operating CSIRT* (Computer Security Incident Response Team) as Group activities to ensure cybersecurity

We established a CSIRT system as a common framework between PRONEXUS and ASP Communications Co., Ltd. with the aim of understanding diversified incidents and implementing active security measures. This contributes to enhanced security throughout the Group.

Main roles of CSIRT:

  • Detect events regarding computer security
  • Handle and manage security incidents
  • Investigate and analyze the causes of computer infections
  • Understand and disseminate security-related information, etc.
  • *CSIRT: A Computer Security Incident Response Team is an organization that monitors our computers and networks for problems and, if any occur, analyzes their causes and effects.

Providing information security education to employees in response to changes in the external environment

We regularly conduct email drills for all employees in response to rising threats that include targeted attacks from the outside, ransomware and DDoS attacks. The aim is to make sure employees can detect the threat quickly and prevent attacks from suspicious email through awareness and reporting.

We also provide information security education through e-learning twice a year and regularly hold security training that is sponsored by the Legal & Compliance Office.

In addition, we have established Security Guidelines to build a framework that guarantees security from the system development stage, and as part of CSIRT operations we promote system design and development in compliance with these rules.