Information Management

Leaks of information assets could substantially compromise the competitive advantages of the TOK Group and threaten its survival as a business entity. The environment surrounding business entities is drastically changing. Cybersecurity risks may impose a significant threat not only on TOK as a single company, but also on its entire supply chain. Reinforcing the information management system is a priority issue in terms of preserving corporate value and fulfilling our social responsibility. From this standpoint, the Company is redoubling its efforts in ensuring information security by maintaining a PDCA cycle.

Information Management Policy

The Tokyo Ohka Kogyo Group (Tokyo Ohka Kogyo Co., Ltd. and its subsidiaries; hereinafter referred to as the “TOK Group”) has positioned managing risks related to information assets as an important business issue and is working to implement various measures in line with the following policy in order to fulfill its corporate social responsibility.

Defining, protecting, and making use of information assets:
TOK Group shall comply with laws and regulations related to information security, social norms, in-house rules, etc.; appropriately protect all information assets it possesses, including business information, customer and sales information, personal information, and technical information; and use those information assets only for stated purposes and by those with the stipulated authority in order to effectively conduct operations.

Maintenance of Tools and Security Infrastructure
TOK Group will develop and maintain communication tools and security infrastructure to a reasonable extent so that information assets can be effectively utilized.

Organization and organized activities:
TOK Group shall establish an Information Management Committee and create, maintain, and promote an information asset management system throughout the Group.

Integrity, confidentiality, and availability:
TOK Group shall properly manage information assets it possesses through various measures including human, physical, and system ones and IT in order to prevent the leak, unauthorized alteration, theft, destruction, etc., of those assets.

Training:
The TOK Group shall regularly and continually conduct in-house training and work to raise awareness and educate employees about in-house rules, etc.

Incident response:
If an information security related incident or similar event occurs, the TOK Group shall work to minimize damage and take steps to prevent a reoccurrence.

Audits and continual improvements:
The TOK Group shall regularly conduct audits and continually implement improvements as part of its information asset management.

Information Management Structure

The TOK Group created the TOK Information Management Committee headed by the department manager of the Corporate Planning Department as the chair. The Committee determines policies and measures related to information security and cybersecurity. The overseas subsidiaries established their information management organizations, which develop systems and rules to collaborate under the guidance of the TOK Information Management Committee, thereby strengthening information management systems throughout the Group. In addition, the Internal Auditing Division regularly audits compliance with rules and other matters on information management as part of its internal audits. The Division aims to improve the information management system by giving guidance, proposals, and advice to relevant departments.

Information Management Committee Diagram

2022_reference.jpg

* Chaired by the Department Manager of the Corporate Planning Department

 

Related Material Issue