Information security

Each and every employee conducts our activities according to Sanden’s IT security basic policy to gain customer trust and confidence.

IT security basic policy was issued in the Sanden Group in 2001. Each and every employee acts according to the IT security basic policy to earn customer trust and confidence.

Based on the reorganization from a holding company to an operating company in January 2022, Sanden is implementing policy and control for the entire Group.
In response to the recent increase in cyberattacks, Sanden conducts security countermeasure risk assessments at Sanden Corporation, our business companies, and overseas companies as a preventative measure against computer viruses, information leakage, and junk mail, and strive together with Group companies to enhance risk countermeasures.

To reduce the risk of information leakage, increase the awareness of information security, and provide education on and ensure rule compliance, the Sanden Group holds regular training sessions at Group companies, including all overseas companies. Especially for new employees, group training is provided not only about IT security related items for special attention but also regarding the usage of IT in the Sanden Group and basic approach to security with the aim of deepening their understanding of these matters.
Please note that as part of activities to increase security awareness, employees who have been educated about security, are obliged to sign a pledge to abide by security regulations.

Results in FY2022
Continuing from fiscal 2021, we have seen a series of cases of unauthorized access due to targeted attacks. Business email fraud has also increased, causing financial damages around the world.
Although at the Sanden Group, there had been no report of damage from such attacks, we provided IT security education and training against targeted email attacks to all IT users both in Japan and overseas to raise their security awareness.

Sanden will continue to strive to reduce the risk of information leaks and raise company-wide awareness of information security in line with trends in the world and the trending IT-related laws and regulations.

The leakage of the important information about customers is an important business issue which leads to losing corporate trust, so we are working on the following measures.

Results in FY2022
With cyberattacks becoming more sophisticated and diverse, a large number of cyberattack incidents—including ransomware attacks and unauthorized access—have been reported worldwide. In response, we strengthened measures against attacks that exploits vulnerabilities in computer systems and software, one of major causes of unauthorized access.
These measures have enabled us to take prompt action against known vulnerabilities and further reinforce our defense against sophisticated threats to prevent information leakage.
There were no information security incidents, such as complaints about infringement of customer privacy (complaints received from outside parties, approved by the organization or by regulators) and the leakage, theft or loss of customer data.

To strengthen security in the Group’s global communications environment and enhance its operational efficiency, we are working on the reinforcement of our information system infrastructure by using an optimal cloud environment.

Results in FY2022
As a continuing activity from fiscal 2021, we have been working on promoting the utilization of cloud-based communication environments. In addition to strengthening information security, we have been creating environments that make it easy to share schedules/documents and hold online meetings Group-wide on various devices.

The Sanden Group conducts IT surveys each year on a global basis to ascertain and raise the level of IT risk management.

Results in FY2022
We are helping Group companies identify problems and rapidly solve them by continuously revising assessment items based on recent trends, incidents, and accidents.
In fiscal 2022, there were no serious security risks in the Sanden Group’s systems. Even so, we are striving together with Group companies to enhance our risk countermeasures according to the priorities we have set.

To improve the level of IT security, it is important to autonomously implement the PDCA cycle. With this in mind, an IT internal control and internal and external audits are completed each year in order to grasp the level of IT security and to improve weak points.

Results in FY2022
Sanden conducted internal and external audits on important systems related to financial reporting. No deficiencies that might lead to major issues were cited in the audit reports.
We will continue to standardize our auditing processes and strive to create and maintain an optimal IT environment by strengthening our pre-audit systems.
In addition，the IT Division of Sanden Corporation obtained the certification to ISO 27001, which is the international standard for information security last year. We are now making company-wide efforts to enhance security by building the system to promote information security.