Information security

Basic approach

The importance of information security measures is increasing year by year. It is important to establish measures and policies to prevent the spread of viruses, unauthorized access to systems, leakage of personal information, and cyberattacks, and to minimize the impact of incidents when they occur. The Group has established rules and response procedures such as the "Basic Policy on Information Security" (established on May 10, 2024), the "Information Protection Management Regulations," and the "Information System Management Regulations," and implements technical and physical defense measures through IT, information security education, and incident response drills to maintain and improve appropriate information management and information security.

The artience Group (hereinafter referred to as the “Group”) recognizes that it is an important management responsibility to appropriately protect and manage all information held and handled by the Group as important information assets, to maintain them in a complete state, and to ensure that they can be utilized for business activities at any time. In particular, in today’s society, where the handling of such information is strongly dependent on ICT systems, we believe that it is essential in information security to ensure cybersecurity for digitalized information.
Based on this basic approach, we have established this Basic Policy on Information Security (hereinafter referred to as this “Basic Policy”), and will endeavor to appropriately manage and operate information assets and ICT systems to ensure information security and cybersecurity.

  1. Scope of application

    This Basic Policy applies to all companies and organizations that make up the Group. This Basic Policy also applies to all officers, corporate advisors, employees, contract employees, and part-time employees of the Group, as well as temporary dispatch workers and all other persons engaged in the Group’s business operations (hereinafter referred to collectively as “officers and employees”). We also ask all suppliers, distributors, and other business partners who form the Group’s supply chain to understand and support this Basic Policy.
    The scope of information covered by this Basic Policy is all information handled by the Group, including the information of external third parties.

  2. Compliance with laws and regulations

    The Group will comply with laws and regulations relating to information security applicable in the countries and regions in which it conducts its business activities, and policies, internal regulations, and rules relating to information security and cybersecurity, including this Basic Policy. We will also comply with social codes of conduct relating to information security, various contracts associated with our business activities, and agreements with external third parties to whom information belongs.

  3. Information security system

    The Group will establish an Information Security Office supervised by the department that oversees information security activities. The Information Security Office will plan, promote, and support the development of policies, internal regulations and rules, etc., as well as risk management, incident response, education and training, and other related group-wide information security activities relating to information security and cybersecurity.
    Each division of each Group company will appoint an Information Security Manager who will promote and implement on-site information security activities in cooperation with the Information Security Office, forming a group-wide information security system.

  4. Risk management

    The Group is deeply aware that the information assets it handles are constantly exposed to risks such as loss, damage, falsification, leakage, unauthorized access, and cyber attacks, etc., and implements necessary and reasonable risk management. In view of this, we will establish an information security risk management system through collaboration between the Risk Management Subcommittee, a subordinate organization of the Sustainability Committee, supervised by the Board of Directors and Representative Director and President, and the Information Security Office.
    The Group will identify and evaluate risks relating to information security and cybersecurity, manage them through mitigation and countermeasures, etc., and report to the Board of Directors and the Group Management Committee on a regular basis, and on an extraordinary basis as needed.

  5. Response to cyber incidents

    The Group will establish the artience-CSIRT (artience-Cyber Security Incident Response Team) under the direct control of the Risk Management Subcommittee, as an emergency response system for the purpose of minimizing damage from cyber incidents and ensuring business continuity. artience-CSIRT will:
    (1) Take consistent actions to reduce and eliminate damage to information as important assets.
    (2) Always put customers first and serve them swiftly and sincerely.
    (3) Pay attention to maintaining and improving the brand image without yielding to cyberattacks.
    Based on these action principles, in the event of a cyber incident, artience-CSIRT will be responsible for initial response, determination of response policy, making external announcements, coordination and information gathering in cooperation with organizations both inside and outside the Group, elimination of causes, recovery response, and consideration of measures for preventing recurrences.

  6. Ensuring cybersecurity in the supply chain

    In view of the fact that an external network through ICT systems is essential for all business activities, the Group will endeavor to ensure cybersecurity through information sharing and coordination with suppliers, business partners, outsourcing partners / subcontractors, customers, and other stakeholders that make up the Group’s supply chain.

  7. Education and training

    The Group will design and create appropriate education programs based on this Basic Policy and related policies, internal regulations and rules, etc., and will regularly and repeatedly provide education and training on information security and cybersecurity to all officers and employees, etc. By doing so, we aim to improve the information security literacy and skills of officers and employees, etc., and ensure the level of the Group’s information security.

  8. Continuous inspections and improvements

    The Group will conduct regular and irregular internal audits and investigations to confirm that the management and operation of information assets and ICT systems are being implemented appropriately. To adapt to the speed of changes in the environment surrounding information security and cybersecurity, we will continuously improve our information security and cybersecurity activities by constantly collecting and analyzing information on information security and cybersecurity, endeavoring to recognize and understand the latest environment, regularly inspecting related systems and initiatives, and revising policies, regulations, and rules, etc., including this basic policy, in accordance with current conditions.

  9. Revision, abolition and management

    Decisions regarding the revision or abolition of this Basic Policy shall be made by the Board of Directors of artience Co., Ltd.
    The department in charge of the revision and abolition of this Basic Policy shall be the department that oversees the information security activities of artience Co., Ltd.

Established on May 10, 2024 (resolved at the Board of Directors on May 10, 2024)

Promotion system

Information security initiatives and response to risks are promoted by the Group Information Systems Department in cooperation with the General Affairs Department and the Corporate Communication Department. In addition, we have established an "Information Security Office Desk" as a contact point for consultation and reporting from employees.
In the event of an incident, in order to minimize the impact, the Group Information Systems Department will establish an organization called "artience-CSIRT" in accordance with the "Guidelines for the Establishment of artience-CSIRT" to respond and to report to the Risk Management Committee, the Sustainability Committee, and management.

Initiatives

Main activities in FY2024

In FY2024, we held Information Security Enhancement Month (September to November) throughout the Group, including overseas, and raised awareness of information security through an internal portal and through various education and awareness-raising activities, such as training for new employees, training for expatriate employees, and information literacy tests.
In addition, we conduct targeted email training every year to combat information security risks caused by cyberattacks, which improves each employee's information security awareness (held on November 19 in FY2024). We also conducted incident response drills at artience-CSIRT to confirm the response procedures in the event of a cyber incident.
We conduct assessments of the status of security measures for overseas companies to understand the latest situation, conduct vulnerability assessments, and instruct and provide guidance on prompt response to known vulnerabilities.

Incidents related to information security

In fiscal 2024, there were no serious incidents affecting business activities related to information security.

Protection of personal information

Recognizing the importance of protecting personal information, we comply with laws and regulations regarding the handling of personal information, and take steps to appropriately handle and protect personal information. We have established a "Privacy Policy" and established "Personal Information Management Regulations." In addition, we have appointed a personal information manager in each department to appropriately manage information using a personal information ledger and strive to live up to the trust of our customers. We are also working on initiatives that take into account the laws and regulations of each country, including compliance with the GDPR (EU General Data Protection Regulation), which came into effect in the EU in May 2018.

Privacy Policy

Cyber security measures

In accordance with the Basic Policy on Risk Management, the Group must strengthen its ability to respond as an organization to unforeseen situations related to cyber incidents. Therefore, we have established the system BCP structure "artience-CSIRT" to minimize damage and maintain business continuity in the event of an emergency. Furthermore, in addition to rules and response procedures such as the "Risk Management Implementation Rules," "Emergency Response Regulations," and "Information System Disaster Countermeasure Guidelines," we have established the "artience-CSIRT Establishment Guidelines" and "Cyber Incident Response Manual" to ensure internal awareness.

  • Ensure that damage to information, which is an important asset, is reduced and eliminated.
  • Always put the customer first and respond quickly and honestly.
  • Be conscious of maintaining and improving your brand image without giving in to crimes caused by cyber attacks.

Security Incident Response System (FY2025)