Information Security
Policies
The NISSIN FOODS Group endeavors to manage and utilize a variety of information assets having defined a Basic Policy on Information Security that aims for safe and proper management of the information and information systems required to conduct business.
Under the Basic Policy on Information Security, we have established a management framework to protect data and ensure its integrity, while continuously monitoring threats to information security and responding as necessary.
Regarding the management of personal information, the Group has established a Privacy Policy. All employees recognize that customers’ personal information is important information that must be properly managed with care. The Group does manage the personal information of customers properly and with care in addition to its compliance with laws and regulations, and guidelines issued by the concerned authorities relating to personal information.
In addition, we require contractors entrusted with system development and security management to implement appropriate security measures in accordance with our Group’s information security management standards.
Structure
Implementation Structure
The NISSIN FOODS Group has set up an Information Security Committee to advance information security measures across the entire Group. The committee bears comprehensive responsibility for the handling of information assets and management of information systems with the person responsible for execution, the chief information officer (CIO), formulating information security strategy and implementing measures. As secretariat, the Information Security Committee Office comprises employees from NISSIN FOODS HOLDINGS’ IT Platform, General Affairs, Corporate Communications, Finance and Accounting, Human Resources, Legal, and Governance divisions. The committee manages security while liaising with the persons responsible for information security assigned at each Group company. In addition, various policies and measures relating to information security-related risks and countermeasures are discussed and finalized as required by the Board of Directors, which then issues instructions.
When employees notice signs of incidents (harmful or malicious events within IT systems or networks, as well as threats of such events occurring) or any abnormalities, the information is shared with the Information Security Committee and the person in charge of information security based on internal regulations, and specialized teams within the company respond as needed. In the event that a significant information security incident occurs at a Group company in Japan or overseas, the Information Security Committee and the COO, who serves as the chairperson of the Committee, work together to assess the situation and take action.
International standard ISO 27001 for information security management systems (ISMS) and the Cybersecurity Management Guidelines established by the Ministry of Economy, Trade and Industry were referenced in the building of an information security management structure. Employees registered as information security specialists—a national qualification relating to information security—strive to strengthen information security internally. Additionally, to strengthen security against cyberattacks, the Cybersecurity Strategy Office has established the NISSIN-CSIRT* (Computer Security Incident Response Team), which analyzes the causes and investigates the scope of impact when an incident occurs. By conducting security risk assessments, formulating incident response standards and procedures for implementing preventive measures in cooperation with NISSIN-CSIRT, and carrying out training exercises simulating cyberattacks, we have established a framework for detecting security threats and responding to incidents.
We are also implementing measures such as internal audits of the information security management system and educational and awareness-raising activities for employees.
- *This is the abbreviation for the Computer Security Incident Response Team, which is the collective term for the expert organization that monitors the Group’s computers and networks for security issues and when an issue occurs, analyzes the cause and investigates the scope of impact.
Initiatives
Information Security Education and Awareness-raising
The NISSIN FOODS Group regularly conducts activities—such as
e-learning-based information security education and knowledge
checks as well as targeted email attack drills—to heighten
security awareness in individual employees, prevent company
losses, and retain society’s trust.
In addition, the latest information on information security is
thoroughly communicated internally as effort is made to expand
employees’ knowledge of the topic and raise the level of awareness.
- Main Information Security Education for FY 3/2025
-
- ・Information security education and knowledge checks
Coverage: Employees of Group companies in Japan*1 - ・Targeted email attack drill
Coverage: Employees of Group companies in Japan*1 - ・New employee training
Coverage: New employees of NISSIN FOOD PRODUCTS*2 - ・New manager training
Coverage: New managers of NISSIN FOOD PRODUCTS*2, NISSIN CISCO, NISSIN YORK, and MYOJO FOODS
- ・Information security education and knowledge checks
- *1Excluding employees of NISSIN FOOD PRODUCTS PACKS and KAGAWA NISSIN FOOD PRODUCTS
- *2Including employees on temporary assignment to companies such as NISSIN FOODS HOLDINGS, NISSIN CHILLED FOODS, and NISSIN FROZEN FOODS
Security Assessment
We continuously strengthen information security by conducting vulnerability assessments, including simulated attacks by third parties, on various systems such as website servers, and by implementing countermeasures based on the results.
Related Information and Data
Number of Cases of Customer Information Leaks
FY 3/2025: 0
Coverage: Group companies in Japan and overseas