Information SecuritySustainability
Fundamental Approach
Our approach to information security aims to enrich the lives of people around the world and improve industrial and economic vitality through the supply of internationally competitive electric power and energy. The use of information technology is indispensable for achieving this, and we have established the JERA Group Information Security Basic Policy to protect our information assets and enhance the safety of transactions as we implement information security measures.
Cybersecurity Management System
To promote cybersecurity, we have established a system for managing cybersecurity risks under the responsibility of senior management. We have also established a Security Subcommittee under the responsibility of the Chief Information Security Officer (CISO) to promote cybersecurity at all times while coordinating with the Risk Management Committee, which serves as the overall risk management system.
Moreover, we have established security management functions and a security incident response team (SIRT) to assist the CISO and management in overseeing cross organizational security measures and incident response.
Enhancing Information Security Measures
The Basic Policy on Information Security covers all personnel engaged in JERA business activities and all physical, environmental, and other resources used in our operations. Based on this policy, we are responsible for the proper handling and protection of related information assets and are working to strengthen our security measures to respond to cyberattacks and other threats.
We continuously educate all employees who handle information assets to raise their awareness of information security and improve their skill level. Our aim is to ensure thorough compliance with laws and regulations, this policy, and related rules and regulations.
In addition, all employees are given a “security card” that outlines compliance matters to raise awareness of information security and to ensure a swift response in the event of an information security incident.
Moreover, we conduct ongoing training related to targeted email attacks for all employees and offer e-learning and other programs to reduce the risk of information leaks and computer viruses arising from such attacks. There continued to be no serious incidents related to information security or the protection of personal information in FY2021.
Information security education and training against targeted email attacks provided in FY2021 is as follows:
Education & Training on Information Security (FY2021)
| Security Education |
|
|---|---|
| Targeted Email Attack Training |
|
We have put together a roadmap for future security measures, including a plan to establish a global security infrastructure to improve information security across the entire JERA Group.
At JERA, we have enhanced the security of servers accessible to the public and implemented measures to prevent and analyze malicious attacks by hackers and others outside the company.
Enhancement of Information Security Measures for Domestic and Overseas Group Companies
We also follow the Cybersecurity Management Guidelines established by the Ministry of Economy, Trade and Industry to review and implement security measures for the JERA Group. We also provide the same security education to domestic and overseas group companies at least once a year.
Furthermore, we conduct annual security risk assessments at each group company. We then evaluate and analyze the results, which inform improvement requests made to enhance the security of each of these companies.