Information Management

Approach to Information Management and Information Security

Revised: April 1, 2024

Sojitz Group considers the appropriate protection and management of its information assets to be a critical management issue, and the company has therefore established the following policies in order maintain a high level of security over all Sojitz Group information and IT assets.

1. Information Security Initiatives

Sojitz has established a system for managing IT security risks across Sojitz Group, including through the appointment of a Chief Information Security Officer (CISO) and establishment of the Information & IT System Security Committee. Through this framework, Sojitz swiftly implements the necessary information security risk-related measures and strategies. Sojitz has also created rules and regulations regarding the use of IT assets, which are regularly reviewed and revised in response to societal changes and the emergence of new threats. The details of IT-related rules and regulations are thoroughly communicated to all Group members.

2. Technical Prevention Measures

Sojitz has established the Sojitz Security Standards Guideline in order to improve the overall quality of security measures in place across Sojitz Group. These guidelines establish rules for management and operation of IT assets and detail the standard technical measures that must be implemented throughout Sojitz Corporation and its Group consolidated subsidiaries. Sojitz works to mitigate Group-wide security risks by regularly revising the security guidelines to address the increasing information management challenges that arise as organizations introduce new digital tools.

3. Employee Education

Sojitz Group communicates the importance of information management and security by providing e-learning courses and other educational programs for all employees. The company conducts a range of regular security drills and trainings in order to ensure that all individuals responsible for Sojitz Group IT assets maintain a high level of IT security literacy throughout their work.

4. Incident Response

In the rare event that an IT security incident does occur, Sojitz takes steps to immediately identify the cause and swiftly implement response measures, including strategies to prevent similar incidents from occurring in the future.

5. Compliance with Laws and Regulations

Sojitz Group abides by all laws and regulations pertaining to information management and information security.

Masayoshi Fujimoto
Representative Director, Chairman & CEO
Sojitz Corporation

Personal Information Protection

Sojitz Group is fully aware of the importance of protecting personal information and has established a Privacy Policy* for the protection of personal information. In addition to the Privacy Policy, we have also established various regulations and guidelines for the protection of personal information. We ensure proper management of personal information by appointing managers responsible for handling the information and conducting annual inventories of such information, as well as by conducting internal audits in order to confirm that personal information is being managed according to internal regulations.