Toppan has reinforced safeguards to prevent leaks and outflows of personal information in diverse operations throughout the Group by restricting the handling of personal information to tightly secured areas that satisfy rigorous criteria for qualification audits. The Group has also worked toward thorough security control in operation design and quality assurance for products, with safe, secure systems and processes designed to manage personal information.
Toppan has declared that “each of us at the Toppan Group carries out Groupwide information security management” in its basic policy on information security. Under the basic policy, Toppan has continuously upgraded the Group’s systemized rules formulated based on ISO/IEC 27001 (a stringent, globally recognized standard on information security management) in compliance with Japanese Industrial Standards (JIS) Q 15001 (a standard for accrediting PrivacyMark Systems for personal information protection management).
Toppan Group Basic Policy on Information Security
As a group of companies operating in the information communication industry, each of us at the Toppan Group carries out Groupwide information security management in the recognition that the management of information necessary for business is a significant managerial challenge for us as a means to reciprocate our customers’ trust and promote the ongoing growth of the Toppan Group.
- We manage information necessary for our business appropriately in observance of our in-house rules, the law, and the principles of social order.
- We collect information for appropriate purposes using appropriate methods.
- We safely manage the information entrusted to us by customers in order to reciprocate our customers’ trust.
- We are deeply aware of the risks to the information assets we handle, such as illegal access, loss, damage, falsification/manipulation, and leakage of information, and take necessary and reasonable safety measures against these risks. We deal with and rectify any problems that occur promptly and in an appropriate manner.
- We establish, operate, maintain, and continuously improve information security management systems.
Established on April 1, 2001
Revised on June 27, 2019
President & Representative Director
Companies today face wide-ranging information security risks, from careless mistakes and fraudulent acts committed in-house to cyber-attacks and hidden threats in new business fields.
The head office and every business division at Toppan work to strengthen cooperation with relevant departments throughout the Group. Toppan seeks to secure the Group’s information security governance structure through cooperation that goes beyond existing organizational boundaries.
Organizational Structure for Information Security Management
Information Security Management Structure
Employing an Information Security Management Structure
Under the chief information security manager, the head office Information Security Division formulates a Groupwide information security plan, sets up rules and regulations, and disseminates and reviews them. The division convenes regular meetings with members from the Toppan business divisions, Group companies, and related companies to share the details of information security policies and measures underway.
The Information Security Division also carries out regular audits of business divisions, Group companies, and related companies to check the quality of their information security management and recommend corrective measures to enhance their performance, as necessary.
The results of these activities are regularly reported to the chief information security manager. When a security incident arises, the division initiates the Group’s response and reports the present status to the security manager as required.
Reviewing In-house Rules to Improve Groupwide Information Management Systems
The Toppan Group’s rules and regulations on information security management have been established based on the ISO/IEC 27001 standard for information security management systems (ISMS) and comply with the JIS Q 15000 standard for personal information protection management systems (PMS). To sustain its ISMS and PMS, Toppan needs to ensure robust governance on information security management throughout the entire Group, including overseas sites, and to respond to emerging requirements in areas such as cyber security, the use of data, the IoT, and globalization.
Common information security management rules were formulated in fiscal 2020, with plans for Groupwide application in fiscal 2021.
Preventing the Spread of COVID-19
Toppan has reviewed the Group’s information security rules for remote working and formulated standards for the use of communication tools in an effort to ensure a safe working environment without in-person interactions.
For regular training on information security management, the Group has shifted from in-person lectures to e-learning-based programs. Remote approaches were also adopted for internal audits and audits of various other types.