Information Security

Basic Policy on Information Security

As a member of the JFE Group, JFE Systems applies the JFE Group's Risk Management Policy* as a guiding standard in its business activities. It has also established the following JFE Systems Basic Policy on Information Security.

* See the JFE Holdings, Inc. website

Information security principles

In realizing Our Corporate Philosophy, we see the following three principles as fundamentals of our business activities from an information security perspective, which also constitute our social responsibilities:

(1) Ensuring appropriate information security in the products and services we provide to customers

(2) Safeguarding and properly handling the information assets disclosed to or entrusted with us by our customers or business partners

(3) Protecting and properly handling our trade secrets, technical information, and other valuable information

Information security implementation policies

Based on the above principles, we hereby declare that we will conform to the following five policies for implementing appropriate protection and other measures for information assets under our management:

1. We will comply with and rigorously implement laws and regulations, national guidelines, and other standards, policies, and internal rules.
2. We will specify officers responsible for information security and develop rules, systems, etc. under their direction.
3. We will strive to avoid risks such as unauthorized access to, loss of, destruction of, unauthorized alteration of, or leakage of information by implementing appropriate information security measures in accordance with the importance of respective information assets. In case of the occurrence of any of such risk events, we will take corrective measures immediately.
4. We will implement awareness raising and training activities concerning information security for all employees, including management, to raise awareness of information security and to ensure thorough compliance with this Policy.
5. We will continually strive to improve various measures established under this Policy while responding with a sense of urgency to changing social conditions and technologies.

Established: June 1, 2017
JFE Systems, Inc.
President & CEO Tetsuo Oki

Our information security management structure

The Quality Management Dept. is responsible for promoting activity plans covering companywide information security measures and implementing management reviews, which are discussed and reviewed by the Information Security Committee with management participation.

Under the direction of the section information management supervisor, information security is implemented in each section through joint efforts among the section information security manager, staff in charge of personal information management, and system administrators and staff.

The JFE-Security Integration and Response Team (JFE-SIRT)

In 2015, the JFE Group established the JFE-Security Integration and Response Team (JFE-SIRT), an internal Computer Security Incident Response Team (CSIRT) intended to safeguard Group information assets from increasingly sophisticated cyberattacks and information leaks.

JFE Systems strives to enhance information security measures through participation in this team.