Information SecuritySustainability
Fundamental Approach
At JERA, our mission is to provide cutting-edge solutions to the world's energy issues. The use of information technology is indispensable for achieving this mission, and we have established the JERA Group Information Security Basic Policy to protect our information assets and enhance the safety of transactions.
Cybersecurity Management System
Diagram of Cybersecurity Management Structure(as of July 1, 2024)
To promote cybersecurity, we have established a structure for managing cybersecurity risks under the responsibility of senior management and our Chief Information Security Officer (CISO).
The Security Subcommittee, headed by the CISO, has been established to promote cybersecurity activities during normal operations in coordination with the Risk Management Committee, which oversees the entire risk management structure.
Moreover, we have established security management functions and a Security Incident Response Team (SIRT) to assist the CISO and management in overseeing cross-organizational security measures and incident response.
Enhancing Information Security Measures
The scope of the Information Security Basic Policy extends to all personnel involved in operations and all resources used in operations, such as materials and environments. It aims to manage and protect related information assets while strengthening security measures to address risks such as cyberattacks.
There continued to be no serious incidents related to information security or the protection of personal information in FY2023.
We continuously educate all employees who handle information assets to raise their awareness of information security and improve their skill levels. Our aim is to ensure thorough compliance with this policy and relevant laws and regulations.
In addition, all employees are given a "Security Card" that outlines compliance matters to raise awareness of information security and to ensure a swift response in the event of an information security incident.
Moreover, we conduct ongoing training on targeted e-mail attacks for all employees and offer e-learning and other programs to reduce the risk of information leaks and computer viruses arising from such attacks.
The results for FY2023 are as follows.
Education and Training on Information Security (FY2023)
| Security Education |
|
|---|---|
| Targeted E-mail Attack Training |
|
At JERA, we have put together a roadmap for future security measures, including a plan to establish a global security infrastructure to improve information security across the entire group.
In addition, to promote operational efficiency through the use of secure generative AI, we have formulated the "JERA AI Usage Guidelines," which include security compliance items and usage instructions. We have shared these guidelines with officers and employees.
Enhancement of Information Security Measures for Domestic and Overseas Group Companies
We refer to the Cybersecurity Management Guidelines established by the Ministry of Economy, Trade and Industry (METI) to review and implement security measures for the JERA Group. We are also promoting security management at group companies both in Japan and overseas while strengthening security through risk management and security education. In addition, in March 2024, we obtained Information Security Management System (ISMS) certification for some operations at group company JERA Cross.