Initiatives Related to Information Security

The spread of the Internet and the broad use of devices such as smartphones have ushered in a convenient era in which anyone can connect with the online community easily at all times. On the other hand, with cyberattacks, email spoofing, and other crimes against information security growing rampant and ever more advanced, the risks are increasing of everyone becoming either a victim or perpetrator of information leakage.

We at the Nissha Group recognize the paramount importance of not leaking outside the company or beyond related parties information about our employees, personal information, and information entrusted to us by our customers and suppliers, particularly highly confidential information assets such as information on new products and state-of-the-art technologies. All our employees adhere to our Information Security Policy, which we drew up in and implement since 2005 with the aim of building a highly reliable and safe information security management system (ISMS).

Information Security Policy

Nissha and its subsidiaries committed to establish, maintain, and improve highly reliable and secure an information security management system to protect our own business information and the information assets, which we acquire from customers, suppliers and employees, etc., through our business activities performed, from any kinds of threat. And we take internal and external information security requirements into consideration and reduce all risks below the acceptable levels.

  1. We continually improve an Information security management system by establishing, implementing, and reviewing the information security objectives, so that the confidentiality, integrity, and availability of information can be maintained and improved.
  2. We comply with legal and regulatory requirements for information security and with contractual security obligation.
  3. We establish and improve the criteria for reasonably evaluating risks concerning information security as well as the risk assessment methods, to mitigate risks and to maintain the information security levels which contributes to the corporate developments.
  4. We make Information Security Policy known to all employees working in the premises of Nissha and its subsidiaries to raise their awareness of the issues related to information security.

July 1, 2013

Junya Suzuki
President and CEO
Chairman of the Board
Nissha Printing Co., Ltd.

Information Security Management Structure

We have in place an Information Security Subcommittee of the CSR Committee to serve as a center for the promotion of information security. The subcommittee is run by an ISMS management representative (the Chief Information Officer, or CIO) and comprises information security managers and promoters selected from each department. An ISMS secretariat set up within the IT Department functions as the subcommittee secretariat.

The subcommittee plays an important role in the promotion of our ISMS by addressing issues that have become evident as well as reporting and sharing the results and challenges of initiatives related to information security.

Management Structure

Information Security Management Structure

Initiatives in Information Security Management

In September 2005, we obtained ISO27001 certification, a global standard for ISMS. Since then, we have built and continuously maintained and improved an ISMS unique to the Nissha Group. Through the operation of our ISMS, we have performed risk assessment and analyses related to information assets, determined and strived for information security targets, complied with related laws and regulations, conducted internal audits, and appropriately followed processes such as management reviews, thereby reducing the risks of information security incidents and accidents.

In fiscal year 2016, the Nissha Group focused particularly on the following initiatives.

1. Compliance with Japan’s social security and tax number system
We formulated a set of internal regulations with the introduction of Japan’s social security and tax number system, and organized a briefing session and tested the level of understanding of employees responsible for handling the numbers assigned to individuals.

2. Strengthening of information security education
We implemented training and education to deepen the understanding of all employees, including through group sessions at affiliated companies new to the Nissha Group.

3. Expansion of ISO27001 examination and certification
In fiscal year 2016, Nitec Precision and Technologies, Inc. (NPT) Kyoto Factory and Nissha F8, Inc. (NF8) obtained ISO27001 certification.

4. Response to new ISO27001
We received inspection by an outside organization and renewed our certification in the new version of ISO27001 (2013).

5. Preparations for introduction of ISMS in overseas bases
We prepared a system toward the start of ISMS operation at overseas bases, and visited sites and organized videoconferences to provide education about initiatives in information security and explain the procedures for operating the ISMS.

In fiscal year 2017, we plan to newly obtain ISO27001 certification at a number of our affiliated companies and start operation of the ISMS at overseas bases. The Nissha Group will actively continue in our efforts to keep up with the rapid changes in the IT environment, and reduce risks and strengthen management of information security.

Page top