Information SecurityGovernance
Basic Approach
Toppan controls information security and cyber security across the Group in the recognition that appropriate and safe management of information and systems necessary for business is a significant managerial challenge for the Group as Toppan grows as a leader in addressing global social agendas.
The threat of cyber-attacks has been mounting with the advancement of the IoT and rapid digital transformation. These attacks can result in the leakage of information assets, including personal information or confidential information, and endanger business continuity per se.
In keeping with the Toppan Group Basic Policy on Information Security, Toppan applies secure technologies and rigorous control in operations throughout the Group to drive digital transformation initiatives that enhance corporate value and reciprocate the trust of customers and society. The Group has been introducing various systems and tools to counter cyber-attacks and reinforcing safeguards across the tightly secured areas where personal information is handled throughout Japan.
Toppan Group Basic Policy on Information Security
As a group of companies operating in the information communication industry, each of us at the Toppan Group carries out Groupwide information security management in the recognition that the management of information necessary for business is a significant managerial challenge for us as a means to reciprocate our customers’ trust and promote the ongoing growth of the Toppan Group.
- 1.
- We manage information necessary for our business appropriately in observance of our in-house rules, the law, and the principles of social order.
- 2.
- We collect information for appropriate purposes using appropriate methods.
- 3.
- We safely manage the information entrusted to us by customers in order to reciprocate our customers’ trust.
- 4.
- We are deeply aware of the risks to the information assets we handle, such as illegal access, loss, damage, falsification/manipulation, and leakage of information, and take necessary and reasonable safety measures against these risks. We deal with and rectify any problems that occur promptly and in an appropriate manner.
- 5.
- We establish, operate, maintain, and continuously improve information security management systems.
Established on April 1, 2001
Revised on June 27, 2019
Hideharu Maro
President & Representative Director
Toppan Inc.
Promotion framework
Under the direction of the Chief Information Security Officer (CISO), the Information Security Division and specialist technical teams work together to manage information security at Toppan by overseeing business divisions and Group companies in cooperation with outside expert organizations.
In parallel, information security managers in the business divisions and Group companies work to ensure the safety of their organizations according to instructions issued by the head office.
Organizational Structure for Information Security Management
Information Security Management Structure
Information Security Management
Under the Chief Information Security Officer (CISO), the Information Security Division formulates a Groupwide information security plan, sets up rules and regulations, and disseminates and reviews them. The division convenes regular meetings with members from business divisions and related companies to share the details of information security polices and measures underway.
The Information Security Division also carries out regular audits of business divisions and related companies to check the quality of their security control and recommend corrective measures as necessary.
The results of these activities are regularly reported to the CISO. When a security incident arises, the division promptly initiates the Group’s response and reports the present status to the CISO as required.
Arranging Remote Working Environments
Toppan has reviewed the Group’s information security rules for remote working and formulated standards for the use of communication tools to ensure safe working environments outside of the office. A system has been introduced to enable Group employees to promptly report suspicious incoming emails and virus-infection incidents while working from remote locations.
Remote approaches have also been adopted for internal audits and audits of various other types to confirm information security management throughout the Group.
Revising Rules to Enhance Security Management
Toppan’s rules and regulations on information security management have been established based on the ISO/IEC 27000 standard for information security management systems (ISMS) and comply with the JIS Q 15000 standard for personal information protection management systems (PMS). To sustain its ISMS and PMS, Toppan needs to ensure robust governance of information security throughout the entire Group, including overseas sites, and to better respond to emerging requirements in areas such as cyber security, the use of data, the IoT, and globalization. Toppan duly formulated a set of baseline standards for monitoring conformance with the Toppan Group Basic Rules on Information Security in fiscal 2021. The Group’s control over information security has been reinforced through checks on conformance at Group companies.