CSR Charter ⅣComplying with Laws and Regulations and Respect for Human Rights
Principle and Outline
The evolution of the Internet has led to sharp rises in leaks of confidential information, infections by computer viruses and other serious social issues, and the harm suffered by companies from such incidents increasingly extends beyond direct damage, even resulting in the loss of public trust.
As a business operator responsible for social infrastructure, the Daigas Group recognizes the importance of managing customer information and other data, and has sought to enhance the infrastructure for its various operational systems and to implement security measures. Given the circumstances, we established an “Information Security Subcommittee” under the “CSR Committee” to strengthen information security measures throughout our Group.
Efforts to Strengthen Information Security
Under the leadership of the Information Security Subcommittee, the Daigas Group has established a system to enhance its overall information security by deploying managers in charge of promoting information security at core companies of the Daigas Group and organizations in charge of supporting the management of Osaka Gas, and by deploying staff in charge of promoting information security at other organizations and affiliated companies.
The entire gas industry has been working on security-enhancement measures in line with an action plan meant to strengthen information security regarding important infrastructure, compiled by the National Center of Incident Readiness and Strategy for Cybersecurity (NICS). In step with this move, our company has endeavored to enhance information security.
In FY2018, we conducted on-site surveys and checkups regarding information security at affiliated companies, formulated improvement plans for each of these companies, and had them implement suitable measures. Education on information security was also provided to all Daigas Group employees, and employees in charge of IT at each affiliate and organization to improve the information security awareness and skills of each and every employee. To enhance employees' information security awareness and enable them to respond appropriately to security incidents, a drill simulating targeted-type email attacks based on actual cases was conducted twice in the year. A total of about 37,000 employees were covered by the drill.