Japanese
Contact Us
Contact Us
Japanese
Japanese

Security and IT Governance

Governance

background image

As a characteristic of our business, the Group is entrusted with information assets, including not only confidential business and technical information of our client companies but also personal information of end users and other individuals held by these companies. With cyber risks becoming more sophisticated and complex year by year, addressing these security risks has become an important management issue for us.

Security Policy and Privacy Policy

The Group has established the “Security Policy” and “Privacy Policy” and is committed to being in compliance with them. Additionally, we obtained the Information Security Management System (ISMS) certification in 2004 and the Privacy Mark certification in 2009 in an effort to build and maintain a information management system while also taking measures to manage confidential information from various perspectives taking into consideration human, physical, and technical aspects. Furthermore, to address potential damage claims in the unlikely event of an information leakage, we have cyber security insurance that will cover up to a certain amount.

In July 2021, as remote work increased, the Group expanded the scope of our ISMS certification to include “remote work environments” and successfully obtained the ISMS certification for this expanded scope.

Full Implementation of endpoint detection and response (EDR)

Endpoint detection and response (EDR) is a security solution that detects suspicious behavior on user PCs and servers (endpoints) and supports rapid response. To prepare for cyber risks, the Company has installed EDR on all the devices we use.

Cyber risk prevention barriers include IDS/IPS, web filtering, email filtering, anti-virus software, and the last barrier is EDR.

24/7 Monitoring System

At Bewith, we collect logs from all internal devices and monitor them 24 hours a day, 365 days a year. The system is designed to alert whoever is in charge whenever an abnormality is detected on a device.
In addition, the IT division keeps track of all websites, etc. accessed by employees and this serves as a deterrent against visiting high-risk websites.

Logs sent from the site of operation are logged by the NOC*1 and SOC*2 for in-house equipment. Monitoring is performed at the SOC and the NOC (operating 7 days a week) while the Chief Privacy Security Officer (CPSO) controls both the security and network aspects. The CPSO works with the CDO in charge of IT strategic investment, including control, plan, monitoring, and execution, as well as the IT governance in charge of rules, processes, organizations, and tools in order to respond. On-site crises and issues, etc. are escalated and reported to or consulted with the centers.
  • *1
    Network Operation Center (NOC):
    A center that manages network anomalies and responds to situations as they arise (currently operating 5 days a week)
  • *2
    Security Operation Center (SOC):
    A center that manages security anomalies and makes decisions to shut down a network, etc. depending on the situation
Sustainability
  1. HOME
  2. Corporate Information
  3. Sustainability
  4. Security and IT Governance
PAGE TOP