Information Security
Information Security Management System
The Company has established Sumitomo Warehouse CSIRT in the Internal Control Subcommittee within the CSR Committee in 2015 as a management system for information security, and currently endeavors as one of the sub committees within Sustainability Committee to prevent information security incidents and minimize damage caused by such incidents.
Sumitomo Warehouse CSIRT is led by the Information Systems Department, and is made up of the General Affairs Department, the Business Promotion Department, the Overseas Business Department and Affiliated Companies Departments. Information on information security is shared, issues are identified, measures are drafted and instructions are provided to Affiliated Companies departments through periodic meetings.
Furthermore, the Company has established Information Asset Management Rules and Information Security Management Rules, and has introduced systems that ensure software and hardware not obtained through the Information Systems Department cannot be used without permission.
Cyber Security Initiatives
In cyber security, management systems have been introduced to monitor and prevent unauthorized access from outside the Company. The Company has established a system for quickly restoring and continuing operations in the event of a large-scale failure.
Furthermore, the Sumitomo Warehouse CSIRT, which is the organization overseeing the information security of the entire Group periodically provides reminders in company newsletters to raise employees’ awareness of security, and also takes steps such as raising awareness using posters and irregular implementation of training on targeted attack e-mails.
In addition, it conducts information security training in tiered training and legal training, provides information on information security incidents on the Company intranet, and continues to work to increase information security. In future, the Company will enhance measures as cyber security threats become more sophisticated.
No serious incidents related to information security have occurred until FY2020.
Information Security Management System (ISO27001)
The Sumitomo Warehouse Group has obtained ISO27001 international certification on information security management in warehouse facilities storing companies’ confidential documents, and information media such as magnetic tape and film, and is proceeding to create a management system for the protection of information.
Certified Sites
| Tokyo area | Hanyu Archives No.1 |
|---|---|
| Hanyu Archives No.2 | |
| Heiwajima Archives | |
| Yokohama area | Daikoku Logistics Center; Warehouse No.2 |
| Nagoya area | Inuyama Archives |
| Osaka area | Kawaguchi Logistics Center; Kawaguchi Trunk Room |
| Kawaguchi Logistics Center; Ajigawa Warehouse | |
| Nanko East Logistics Center; 200 Warehouse | |
| Kyushu area | Sumitomo Warehouse Kyushu Co., Ltd.; Hakozaki futo Eigyosho |
Basic Policy For Proper Handling of Personal Information
The Company recognized the importance of personal information of customers and business associates used in the course of business, and has established a basic policy on the appropriate handling of personal information to appropriately handle personal information and securely and reliably manage it through compliance with laws, regulations and internal rules, etc. on the protection of personal information.