Information Security

Approach and Policy

The Mitsubishi Chemical Group is taking on the challenge of utilizing digital technologies and digital business models to transform business processes and collaborate across business divisions to create value. On the other hand, information security risks are increasing, including more sophisticated and stealthy cyberattacks. As a result, strengthening information security has become one of the most important issues that must be addressed on an ongoing basis. Given this, we recognize the importance and responsibility of protecting information assets, and strive to prevent loss of social credibility and business interruptions due to information leaks, falsification, or other risks.

• Information Security Policy
  
• Digital Strategy

Structure

As part of our management structure, we have established the Information Management Committee, a company-wide organization with responsibilities for information asset management, data governance, personal information management, information system security, control system security, and R&D system security, which works to maintain, manage, and improve information security.

Core Measures

We have formulated information security policies and regulations, protect and manage information assets, and promote various security measures on a global scale.
We have also established an incident response structure (CSIRT^*1 organization) to respond to information security incidents. Furthermore, in the event of a serious security risk that could have a significant impact on business continuity, social credibility, corporate value, or other areas, we will respond to the crisis event across the organization under our crisis management system in accordance with our Crisis Management Regulations.

*1CSIRT：Computer Security Incident Response Team

Implementing Security Training and Drills

We regularly implement awareness-raising and training activities for all Group employees, both in Japan and overseas, to ensure that they have thorough knowledge of information management. We also regularly conduct targeted email attack drills for all employees. In addition, we implement company-wide training to prepare for incidents if they do occur.