Information Security
Information Security Management System
The Company established Sumitomo Warehouse CSIRT in the Internal Control Subcommittee of the CSR Committee in 2015 as a management system for information security. It is currently one of the subcommittees within the Sustainability Committee, and endeavors to prevent information security incidents and minimize damage caused by such incidents.
Sumitomo Warehouse CSIRT is led by the Information Systems Department, and is made up of the General Affairs Department, the Business Promotion Department, the Overseas Business Department, Affiliated Companies Departments and Audit Department. Through quarterly regular meetings, the CSIRT facilitates the sharing of information related to information security, identifies key issues, formulates response and improvement measures, and provides instructions to relevant departments.
Furthermore, the Company has established Information Asset Management Rules and Information Security Management Rules,Based on these rules, controls are enforced whereby software and hardware not procured through the Information Systems Department may not be used without permission.
Cyber Security Initiatives
In cyber security, management systems have been introduced to monitor and prevent unauthorized access from outside the Company. The Company has established a system for quickly restoring and continuing operations in the event of a large-scale failure.
Furthermore, the Sumitomo Warehouse CSIRT, which is the organization overseeing the information security of the entire Group periodically provides reminders in company newsletters to raise employees’ awareness of security, and also takes steps such as raising awareness using posters and irregular implementation of training on targeted attack e-mails.
In addition, it conducts information security training in tiered training and legal training, provides information on information security incidents on the Company intranet, and continues to work to increase information security. In future, the Company will enhance measures as cyber security threats become more sophisticated.
No serious incidents related to information security have occurred until FY2024.
Registration of Registered Information Security Specialists
At Sumitomo Warehouse, we employ professionals who are certified as Registered Information Security Specialists, a national qualification in Japan for experts with advanced knowledge and practical expertise in the field of information security. This certification demonstrates advanced expertise and practical skills in information security, and it reinforces the reliability of our security measures.
Information Security Management System (ISO27001)
The Sumitomo Warehouse Group has obtained ISO27001 international certification on information security management in warehouse facilities storing companies’ confidential documents, and information media such as magnetic tape and film, and is proceeding to create a management system for the protection of information.
Certified Sites
| Tokyo area | Hanyu Archives No.1 |
|---|---|
| Hanyu Archives No.2 | |
| Heiwajima Archives | |
| Yokohama area | Daikoku Logistics Center; Warehouse No.2 |
| Nagoya area | Inuyama Archives |
| Osaka area | Kawaguchi Logistics Center; Kawaguchi Trunk Room |
| Kawaguchi Logistics Center; Ajigawa Warehouse | |
| Nanko East Logistics Center; 200 Warehouse | |
| Kyushu area | Sumitomo Warehouse Kyushu Co., Ltd.; Hakozaki futo Eigyosho |
Basic Policy For Proper Handling of Personal Information
The Company recognized the importance of personal information of customers and business associates used in the course of business, and has established a basic policy on the appropriate handling of personal information to appropriately handle personal information and securely and reliably manage it through compliance with laws, regulations and internal rules, etc. on the protection of personal information.