Principle and Outline
The evolution of the Internet has led to sharp rises in leaks of confidential information, infections by computer viruses and other serious social issues, and the harm suffered by companies from such incidents increasingly extends beyond direct damage, even resulting in the loss of public trust.
As a business operator responsible for social infrastructure, the Daigas Group recognizes the importance of managing customer information and other data. In August 2019, the Group launched the Cybersecurity Committee as one of its company-wide committees. Under the leadership of its subcommittee called the Information Security Subcommittee, it strives to step up information security measures.
■Information security promotion system (August 2019)
- *The CSR Committee (Chair: CSR Executive) was renamed the ESG Committee (Chair: Executive in Charge of ESG Promotion) in FY2021.
Efforts to Strengthen Information Security
Under the leadership of the Information Security Subcommittee, the Daigas Group has established a system to enhance its overall information security by deploying managers in charge of promoting information security at core companies of the Daigas Group and organizations in charge of supporting the management of Osaka Gas, and by deploying staff in charge of promoting information security at other organizations and affiliated companies.
Moreover, the entire gas industry has been working on security measures in line with the Action Plan on Information Security Measures for Critical Infrastructures, which was compiled by the National Center of Incident Readiness and Strategy for Cybersecurity (NISC). Osaka Gas, too, has been striving to strengthen the measures.
In FY2020, we conducted on-site surveys and checkups regarding information security at group companies, formulated improvement plans for each of these companies, and had them implement suitable measures. Education on information security was also provided to all Daigas Group employees, and employees in charge of IT at each affiliate and organization to improve the information security awareness and skills of each and every employee. To enhance employees’ information security awareness and enable them to respond appropriately to security incidents, a drill simulating targeted-type email attacks based on actual cases was conducted, with a total of about 20,000 employees covered by the drill.