DNP has a core strength in information security technology and know-how built up in the application of information assets entrusted to us by companies and consumers as well as our own information assets. We leverage this strength to provide new value through highly secure and reliable products and services.
Medium- to long-term vision
We ensure the exceptional security of personal information and all other information assets through management and protection as part of the social responsibility of a company handling such information assets.
SDGs Covered by the Vision
Performance Indicators to Monitor the Progress in Achieving the Vision and Activity Results
Structure to Promote Management
Since establishing the Office for the Protection of Personal Information in 1999, DNP has continued to strengthen our information security measures in response to changes in the security environment in Japan and overseas. We established the Information Security Committee and Information Security Headquarters, which are supervising organizations for Company-wide management, to provide inspection and guidance for business units and Group companies. The corporate officer in charge of the head office serves as the committee chief. Information Security Committees have also been established in each of the business units and Group companies. Under the direction of the committee chief and the person responsible for managing personal information (together with the heads of each operating unit), these committees handle issues such as education, security area measures and information security measures, and take responsibility for inspections. Information Security Committees have been set up at overseas Group companies since 2015.
DNP is undertaking information security related measures with a particular focus on organizational measures, human measures and physical and technical measures.
Maintaining internal procedures and rules
Personal information protection includes the development of the Personal Information Protection Policy and the Regulations within the Group. We also developed the Basic Personal Information Policy and Basic Personal Information Regulation, under which 10 standards have been established concerning information security, including those for document control, computer usage, restricted areas, education, website and social media. We rapidly send out notices and establish or revise our rules in response to new threats and risks, and we make sure that employees are thoroughly informed about them.
Establishment of a management system
DNP ensures thorough legal compliance, attaining the Privacy Mark in July 2008, and is promoting the establishment of a management system in compliance with the Japanese Industrial Standards, “Personal Information Protection Management System Requirements” (JIS Q 15001). We are also actively making progress toward acquiring the Privacy Mark and ISO/IEC 27001 at all business units and Group companies handling personal information in the course of business activities.
Strengthening information security through human resources development
DNP provides ongoing education and training to all employees, particularly personnel responsible for strengthening information security. We prepare teaching materials in 10 languages, including Japanese, to make sure our education covers all employees. Training courses are provided via groups to personnel in charge of strengthening information security, and the Group company CP Design Consulting, Ltd., which provides consulting related to personal information protection, offers practical courses based on DNP’s products and services.
Physical and Technical Measures
Measures in divisions handling personal information
Various measures are in place at the Data Processing Offices handling personal information and other important data, including controls for entering/leaving a building (room) using biometrics to ensure that unauthorized persons cannot access the facilities, surveillance cameras that keep improper behavior in check and pocket-free uniforms for on-site workers so that data cannot be taken off-site. We also separate the locations where information is written to media, employ checks using metal detectors, implement and verify access logs, and reduce the number of employees engaged in the work of writing to recording media. These and other measures serve to further strengthen control.
Measures at operational bases using smart card employee IDs
DNP is promoting a variety of information security measures using smart card employee IDs. We are increasing the number of operational bases with a security gate system in which employees need the smart card to enter and leave the building or factory. We are also adding a function that requires authentication via smart card when printing, enabling the manager to manage multi-purpose machine usage logs in an integrated way on a server.
Initiatives for the safe delivery of information
DNP has introduced a tool to prevent the erroneous transmission of email with such functions as destination identity verification, attachment file verification, mandatory encryption and the temporary holding of outgoing mail. The aim is to prevent information leaks through erroneous transmission when employees send email outside the Group.
In addition, we are operating a system when transferring the personal data of clients via a network.
Corruption measures for website
DNP conducts vulnerability tests twice a year for all internet servers handling personal information that are run by the Group to ensure more secure and robust website creation and management.
Promoting Information Security Measures in the Industry
To enhance personal information protection throughout the printing industry, DNP dispatches employees with sophisticated technical knowledge to personal information protection working groups run by the information security committee of the Japan Federation of Printing Industries. The employees participate in making guidelines for personal information protection, Q&A and formulating and preparing educational materials. (Two DNP employees have been stationed there since 2004.)
DNP’s Main Initiatives
Responding to Targeted Attacks (Multilayered Countermeasures/Training on Email Attacks, etc.)
Now that cyber attacks are becoming increasingly artful and complex, it is no longer sufficient to rely solely on conventional border protection measures aimed at not allowing threats to enter a company’s computer systems.
DNP is constructing multilayered countermeasures based on unique security solutions that combine—in addition to the conventional “inbound measures” that address things like system vulnerabilities and keeping out viruses—“internal measures” for preventing and containing damage in the event that an intruder does manage to infiltrate the system, and “outbound measures” that prevent information from being illicitly transmitted outside the system. DNP promotes Security By Design, whereby protective functions are built into a computer system from the development stage, as well as measures for counteracting new threats such as periodic inspection of systems already in use to check for vulnerabilities. Based on this expertise, the DNP Group company Cyber Knowledge Academy Co., Ltd. provides educational programs for training personnel to counter cyber attacks. DNP also belongs to the Nippon CSIRT Association, whose industry-wide members share information and cooperate across company lines to enhance cyber security.
Measures to Counter the Dark Web (Combat Illicit Use of ID/Password, etc.)
DNP has started running an integrated security log analysis system known as SIEM (Security Information and Event Management). Through automatic and efficient detection of suspicious server communication and quick examination of logs, it enables a swift response to a security incident and prevents damage from spreading. DNP also conducts organized activities through DNP-CSIRT (DNP Group Computer Security Incident Response Team: 3 full-time workers and 17 with concurrent posts) to share information with external organizations such as the Nippon CSIRT Association and enhance its level of defense. Moreover, DNP has personnel seconded to the Information-technology Promotion Agency, Japan (IPA), an independent administrative organization, and participates in long-term education at IPA’s Industrial Cyber Security Center of Excellence with the aim of improving the skill level of its human resources in the field of cyber security.
Global Initiatives for Improving Employee Information Security Literacy
DNP is promoting initiatives globally to improve the information security literacy of its employees. To promote information security management at overseas group companies, we are independently creating our own educational tools in 10 languages, including Japanese, as we strive to expand and upgrade our education in this area.