DNP has a core strength in information security technology and know-how built up in the application of information assets entrusted to us by companies and consumers as well as our own information assets. We leverage this strength to provide new value through highly secure and reliable products and services.
Medium- to long-term vision
We ensure the exceptional security of personal information and all other information assets through management and protection as part of the social responsibility of a company handling such information assets.
SDGs Covered by the Vision
Performance Indicators to Monitor the Progress in Achieving the Vision and Activity Results
Structure to Promote Management
Since establishing the Office for the Protection of Personal Information in 1999, DNP has continued to strengthen its information security measures in response to changes in the security environment in Japan and overseas. We established the Information Security Committee and Information Security Headquarters as supervising organizations for Company-wide management, providing inspection and guidance for business units and Group companies. The senior corporate officer in charge of the head office serves as the committee chief. Information Security Committees have also been established in each of the business units and Group companies. Under the direction of the committee chief and the person responsible for managing personal information (together with the heads of each operating unit), these committees handle issues such as education, security area measures and information security measures, and take responsibility for inspections. Information Security Committees have been set up at overseas Group companies since 2015.
Moreover, in October 2021 DNP-CSIRT (DNP Computer Security Incident Response Team) was established as a cybersecurity response organization. By strengthening collaboration with each organization and preparing for cyber attacks, DNP will maintain business continuity in the event of any unforeseen circumstances (incidents). Under this structure to promote management, DNP is undertaking information security related measures with a particular focus on organizational measures, human measures, and physical and technical measures.
Maintaining internal procedures and rules
Personal information protection includes the development of the Personal Information Protection Policy and the Regulations within the Group. We also developed the Basic Personal Information Policy and Basic Personal Information Regulation, under which 10 standards have been established concerning information security, including those for document control, computer usage, restricted areas, education, website and social media. We rapidly send out notices and establish or revise our rules in response to new threats and risks, and we make sure that employees are thoroughly informed about them.
Establishment of a management system
DNP ensures thorough legal compliance, attaining the Privacy Mark in July 2008, and is promoting the establishment of a management system in compliance with the Japanese Industrial Standards, “Personal Information Protection Management System Requirements” (JIS Q 15001). We are also actively making progress toward acquiring the Privacy Mark and ISO/IEC 27001 at all business units and Group companies handling personal information in the course of business activities.
Strengthening information security through human resources development
DNP provides ongoing education and training to all employees, particularly personnel responsible for strengthening information security. We prepare teaching materials in 10 languages, including Japanese, to make sure our education covers all employees. Training courses are provided via groups to personnel in charge of strengthening information security, and the Group company CP Design Consulting, Ltd., which provides consulting related to personal information protection, offers practical courses based on DNP’s products and services.
Furthermore, as cyber security training for DNP CSIRT, we are implementing in-house practical training programs for measures against cyber attacks that we provide through Cyber Knowledge Academy Co., Ltd., a Group company.
Physical and Technical Measures
Measures in divisions handling personal information
Various measures are in place at the Data Processing Offices handling personal information and other important data, including controls for entering/leaving a building (room) using biometrics to ensure that unauthorized persons cannot access the facilities, surveillance cameras that keep improper behavior in check and pocket-free uniforms for on-site workers so that data cannot be taken off-site. We also separate the locations where information is written to media, employ checks using metal detectors, implement and verify access logs, and reduce the number of employees engaged in the work of writing to recording media. These and other measures serve to further strengthen control.
Measures at operational bases using smart card employee IDs
DNP is promoting a variety of information security measures using smart card employee IDs. We are increasing the number of operational bases with a security gate system in which employees need the smart card to enter and leave the building or factory. We are also adding a function that requires smart card authentication when printing, which enables managers to manage multi-purpose machine usage logs in an integrated manner on a server.
Initiatives for the safe delivery of information
DNP has introduced a tool to prevent the mistaken transmission of email, with functions such as destination identity verification and the temporary holding of outgoing mail. The aim is to prevent information leaks through mistaken transmission when employees send email outside the Group.
In addition, we are operating a system that securely transfers the personal data of clients via a network.
Security controls for website vulnerability
DNP conducts vulnerability tests twice a year for all internet servers handling personal information that are run by the Group to ensure more secure and robust website creation and management.
DNP has also introduced a rating service that utilizes various types of data to objectively evaluate, analyze and visualize risks related to cyber security and continuously monitors these risks.
Promoting Information Security Measures in the Industry
To enhance personal information protection throughout the printing industry, DNP dispatches employees with sophisticated technical knowledge to personal information protection working groups run by the information security committee of the Japan Federation of Printing Industries. The employees participate in drawing up guidelines and Q&A for personal information protection and in formulating and preparing educational materials. (Two DNP employees have been stationed there since 2004.)
DNP’s Main Initiatives
Response to Cyber Attacks
Response through DNP CSIRT (Computer Security Incident Response Team)
As a supervising organization responsible for overall cybersecurity, DNP Group CSIRT will implement the following activities for the entire Group in Japan and overseas in addition to performing its basic functions of strengthening security.
- Visualize ICT infrastructure and implement countermeasure instructions based on security vulnerability information and confirm the status of application.
- Design of and proficiency in countermeasures in the event of any unforeseen circumstances (incidents)
- Instructions and support for various organizations in the event of any unforeseen circumstances (incidents)
- Education, practical exercises and awareness of cybersecurity
- Collaboration with external organizations such as the National center of Incident readiness and Strategy for Cybersecurity (NISC) and Nippon CSIRT Association
- Enrollment in and application of cyber risk insurance
Strengthen internet access security and endpoint security controls
Based on the conventional concept of perimeter security controls that protect boundaries between the Internet and internal networks, DNP is strengthening measures against unknown viruses, analyzing network monitoring devices and security logs and strengthening early detection of incidents.
Recent years have witnessed rapid changes in corporate activities and people’s lives spurred by such factors as the promotion of DX, the use of external clouds, and the adoption of remote work that has accelerated due to the COVID-19 pandemic. DNP anticipates such changes and continuously reviews its security measures to enhance security for the use of digital networks. For example, we are working to strengthen internet access security as well as bolster the security of endpoints for each type of terminal such as personal computers and servers. In the unlikely event that unauthorized access is detected and an alert (alarm) is issued, the terminal suspected of being infected with malware (malicious software) is isolated, and DNP CSIRT will then play a central role in promptly detecting and responding to incidents, such as by identifying intrusion routes, ascertaining the status of the spread, and blocking communications.
Training in measures against targeted attack emails
Targeted attack emails are a criminal technique that has been in use for more than 10 years. Recently, however, the content of these emails has become more elaborate and this type of email has emerged as a major threat both in Japan and abroad. DNP is responding by conducting drills four times per year to ensure that employees with Company email accounts understand the characteristics of attack emails and take appropriate steps when such emails are received. These drills help prevent targeted attacks and minimize any damage such as information leaks.
Practical training for essential personnel involved with cyber attack countermeasures
Cyber Knowledge Academy, a Group company, has introduced the training system TAME Range from Israel Aerospace Industries (IAI) of Israel, a country advanced in cybersecurity, and holds lectures and exercises that incorporate a variety of actual cases ranging from typical attack methods to the most recent incidents.
To date, we have trained cybersecurity specialists by holding lectures, drills and various types of training for more than 6,500 security personnel from government agencies and approximately 240 companies, including those in the information and communications, aviation, and electric power sectors (as of May 2022).
Global deployment of information security management
DNP is striving to strengthen governance by transitioning from systems that were previously utilized individually by each overseas base to a shared system that maximizes use of the cloud. This transition will ensure conformance with security standards across the entire DNP Group at domestic and overseas bases, which have different environments and cultures.
Additionally, to promote information security management at overseas group companies, we are independently creating our own educational tools in 10 languages, including Japanese, as we promote initiatives globally to improve the information security literacy of our employees.