Information Security Management

Basic Approach and Policy

Basic Approach to Information Security

In light of the increase in information risk factors in recent years, the Nabtesco Group continuously works group-wide to establish systems and promote related initiatives that prepare it not only for traditional risks but also for emerging risks such as cyberattacks.

System

Information Security Management System

To address a recent increase in cyber security risks and enhance the information security level of the entire group, the Nabtesco Group has established the Information Security Committee, created a basic information security policy, enhanced the level of security measures, and promptly addressed serious security incidents. This committee consists of a chairperson and committee members appointed by the CEO, reports its activities periodically to the CEO, and, if directed, reports to the Board of Directors. The Nabtesco Group also has Chief Information Administrators and Chief Supervisors assigned to facilities. As a department dedicated to information security, the Information System Department plans information security measures, provides advice, instruction and cooperation during implementation, verifies the adequacy of information security, and provides support such as correction instructions across the Nabtesco Group.

Organization chart of the Information Security Committee

[Figure: organization chart of the Information Security Committee]

Members of the Information Security Committee

Chairperson: Representative Director, Senior Managing Executive Officer in charge of information systems

Committee members:
  • Managing Executive Officer in charge of General Administration, Human Resources and Legal & Compliance
  • Executive Officer, General Manager, Production Innovation Division
  • Executive Officer, General Manager, Innovation Strategy Division
  • Executive Officer, General Manager, Corporate Planning Department
  • Executive Officer, Senior General Manager, Technology and R&D Division
  • Executive Officer, General Manager, Legal & Compliance Department
  • Executive Officer, General Manager, Human Resources Department
  • Corporate Officer, General Manager, Information System Department
  • General Manager, General Administration Department
  • General Manager, Corporate Communication Department
  • General Manager, Intellectual Property Department
  • General Manager, Digital Transformation Promotion Department

Chairperson of the Information Security Committee: Atsushi Habe
Representative Director and Senior Managing Executive Officer

(Brief profile related to information systems)
Mr. Atsushi Habe developed his career in the Precision Equipment and Aerospace Companies, among other business units, and fulfilled the duties of an information management administrator while concurrently holding the positions of General Manager of the Planning Department and General Manager of the Sales Promotion Department at the plants of these business units. He led the Precision Equipment Company as President from 2019 to 2020. He currently serves as the officer in charge of information systems and as a member of the Risk Management Committee.

Measures

Establishment of Management Rules and Regulations

Through the Nabtesco Group’s intranet, we share rules and regulations established regarding information management and security, such as the Basic Rules on Information Management, Information Security Management Standards and Information Security Incident Response Standard.

Response to Information Security Incidents

We have standards in place for taking action in the event of information security incidents, and, following these standards, the computer security incident response team (CSIRT) stands by to address them. The CSIRT works to prevent the spread of losses and damage attributable to these incidents, to restore operations quickly, and to handle other related matters.

We conduct incident response verification at least twice a year. In one verification, we simulate an actual incident according to the procedure manual; after the simulation, we verify the response measures and reflect the results in the procedure manual. In the other, we conduct a company-wide disaster drill once a year and evaluate the response status from the perspective of IT security.

Education on Information Security

We provide all employees with education on information security every year as an awareness-raising measure. Moreover, we require new employees and mid-career hires to receive training on information security upon joining the company. The content of training materials is revised every year to reflect recent trends in information security.

In the training on information security provided to employees in FY2022, we focused on cautioning employees about the use of social media and raising awareness of the security risks posed by email attachments. Also, to prevent employees from falling victim to fraudulent business emails, we created a special webpage on the intranet to warn employees against such fraud.