Information Security
Policies
The NISSIN FOODS Group endeavors to manage and utilize a variety of information assets having defined a Basic Policy on Information Security that aims for safe and proper management of the information and information systems required to conduct business.
Regarding the management of personal information, the Group has established a Privacy Policy. All employees recognize that customers’ personal information is important information that must be properly managed with care. The Group does manage the personal information of customers properly and with care in addition to its compliance with laws and regulations, and guidelines issued by the concerned authorities relating to personal information.
Structure
Implementation Structure
The NISSIN FOODS Group has set up an Information Security Committee to advance information security measures across the entire Group. The committee bears comprehensive responsibility for the handling of information assets and management of information systems with the person responsible for execution, the chief information officer (CIO), formulating information security strategy and implementing measures. As secretariat, the Information Security Committee Office comprises employees from NISSIN FOODS HOLDINGS’ IT Planning, Group IT Governance, General Affairs, Corporate Communications, Finance and Accounting, Human Resources, Legal, and Governance divisions. The committee manages security while liaising with the persons responsible for information security assigned at each Group company.
In the event of an accident or emergency relating to information security occurring at a Group company in Japan or overseas, information is immediately shared with the chief operating officer (COO), as chairperson of the Information Security Committee, and senior management, and work begins on finding a solution in accordance with defined procedures. In addition, various policies and measures relating to information security-related risks and countermeasures are discussed and finalized as required by the Board of Directors, which then issues instructions.
International standard ISO 27001 for information security management systems (ISMS) and the Cybersecurity Management Guidelines established by the Ministry of Economy, Trade and Industry were referenced in the building of an information security management structure. Employees registered as information security specialists—a national qualification relating to information security—strive to strengthen information security internally. Additionally, to strengthen security against cyberattacks and such, the Cybersecurity Strategy Office conducts security risk assessments as well as establishing NISSIN-CSIRT* to put in place a system for detecting security threats and responding to incidents. Measures such as education and awareness-raising activities are also conducted for employees.
- *This is the abbreviation for the Computer Security Incident Response Team, which is the collective term for the expert organization that monitors the Group’s computers and networks for security issues and when an issue occurs, analyzes the cause and investigates the scope of impact.
Initiatives
Information Security Education and Awareness-raising
The NISSIN FOODS Group regularly conducts activities—such as e-learning-based information security education and knowledge checks as well as targeted email attack drills—to heighten security awareness in individual employees, prevent company losses, and retain society’s trust.
In addition, the latest information on information security is thoroughly communicated internally as effort is made to expand employees’ knowledge of the topic and raise the level of awareness.
- Main Information Security Education for FY 3/2024
-
- ・Information security education and knowledge checks (e-learning or questionnaire format)
Coverage: Employees of Group companies in Japan (excluding BONCHI, KOIKE-YA, UJI KAIHATSU DEVELOPMENT, KAGAWA NISSIN FOOD PRODUCTS, and NISSIN PLASTICS) - ・Targeted email attack drill
Coverage: Employees of Group companies in Japan (excluding BONCHI, KOIKE-YA, AJINIHON, UJI KAIHATSU DEVELOPMENT, KAGAWA NISSIN FOOD PRODUCTS, and NISSIN PLASTICS) - ・New employee training
Coverage: New employees of NISSIN FOOD PRODUCTS* - ・New manager training
Coverage: New managers of NISSIN FOOD PRODUCTS*, NISSIN CISCO, NISSIN YORK, and MYOJO FOODS
- ・Information security education and knowledge checks (e-learning or questionnaire format)
- *Including employees on temporary assignment to companies such as NISSIN FOODS HOLDINGS, NISSIN CHILLED FOODS, and NISSIN FROZEN FOODS
Security Assessment
To strengthen the security monitoring structure, internal infrastructure and e-commerce websites operated by the NISSIN FOODS Group are subjected to third-party vulnerability assessments
Related Information and Data
Number of Cases of Customer Information Leaks
FY 3/2024: 0
Coverage: Group companies in Japan and overseas