Sumitomo Metals established the Information Security Committee in 2005 to protect the information assets used inside the company from various threats and ensure the continued safety of our business operations. We are continuously working to maintain and expand our information security management systems, including those at Group companies.
The Information Security Committee is engaged in the following activities in order to provide comprehensive management of information security measures, ensuring that they are carried out efficiently and effectively.
• Maintenance of the information security system and rules
• Formulation of training plans, education, and measures to increase awareness
• Inspections and reviews from the perspective of prevention
• Collection of information, investigation of incidents or possible incidents, and control of corrective measures
The Information Security Committee reviews the information security management system on a continuing basis in order to adapt to changes in the social environment. During fiscal 2008, we revised the rules related to information security and established guidelines for more reliable implementation, and also conducted activities to ensure information security awareness among all employees.
Beginning from fiscal 2009, we have been conducting monitoring of the entire organization and are establishing a more solid position for information security within the company.
Company information is divided into three categories according to the risk level in the event that the information is leaked, and specific management methods have been established for each category.
We are taking both personnel and equipment measures to prevent information leakage, including measures to prevent the loss or theft of personal computers and USB memory devices and to ensure complete enforcement of rules regarding the removal of information devices from company property.
Based on our Personal Information Protection Policy, Sumitomo Metals has established basic rules related to the management of personal information as part of the "Guidelines for Handling of Personal Information." We have also created a personal information protection manual, and are extensively promoting and ensuring an awareness of the appropriate handling of personal information.
