Information Security

Governance Structure

The LIXIL Corporation and its group companies have established the Information Security Committee, which is chaired by the executive officer in charge of Digital & IT, as a subordinate body to the Board of Executive Officers. In addition, two subcommittees, the Data Privacy Governance Subcommittee and the Information System Security Subcommittee, are formed under the Information Security Committee to scrutinize specialized fields pertaining to information security and advise the committee. The committee meets once every three months in principle and consists of the executive officers in charge of Accounting & Finance, Human Resources & Public Relations, Digital & IT, Legal & Compliance, LIXIL Housing Technology and LIXIL Water Technology Japan, and an executive officer of LIXIL International, as well as the leader of the Living Division, the subcommittee leaders, or persons designated by those officers or leaders. The committee’s main activities include:

  • Reporting the current status of security measures
  • Sharing information pertaining to the latest trends in the security arena
  • Determining and approving policy on information security measures

We also hold ad hoc committee meetings when an urgent response is required if, for example, critical vulnerabilities that threaten information security are discovered or a serious information security incident occurs.

The committee chair reports any policy on measures for important information security-related matters to the Board of Executive Officers, and the Board of Executive Officers resolves on necessary matters. The Board of Executive Officers makes decisions on the formation or revision of the Information Security Policy and LIXIL’s other information security-related rules. Important matters relating to information security are also reported to the Board of Directors and the Audit Committee by the executive officer in charge of Digital & IT, who is also the chair of the Information Security Committee, and directors provide advice and guidance on the current status of information security activities and systems.

Management Structure

The group has established and operates an information security management system based on the Information Security Policy, which stipulates the basic matters pertaining to the use and protection of information assets. The policy applies to all personnel* and all other people engaged in the group’s business. The information security function cooperates with other relevant functions to monitor compliance with the policy and respond to information security incidents.

* Including part-time employees and other indirectly employed staff

We have also compiled the Detailed Rules for Information System Security and set up the necessary systems to facilitate effective information security/cyber security measures and risk management. Anyone within the group who notices any information security risks or anything unusual must promptly report the incident to the information security function. The information security function will then assess and respond to the incident according to the predetermined response flows. The detailed rules stipulate that the incident response flows and emergency contacts must be reviewed at least once a year.

Information Security Training

We believe it is important to build a corporate culture where everyone at the group is encouraged to view security as a matter that impacts them directly and take preventative measures, and to promptly seek advice from the information security function if they notice anything unusual, which enables us to respond effectively to increasingly sophisticated cybersecurity risks.

Every year, LIXIL conducts e-learning information security training sessions for all personnel* of LIXIL Corporation and its group companies who have a company account. The training materials are published in multiple languages to make them more accessible to employees and increase employee understanding.

* Including part-time employees and other indirectly employed staff

If an employee is judged to have committed an act that constitutes a security risk, such as the unauthorized use or inappropriate use of information, action will be taken, including the temporary restriction of that user’s access. These educational and preventative measures are designed to ensure a more attentive response to security risks and to strengthen the operational capabilities of the whole group with respect to information security.

In addition to the provision of regular training opportunities, we also strive to improve information security through our internal social media channels. This communication seeks to alert employees to inherent risks in their daily working lives, such as the sending and receiving of emails and electronic files. We also share actual inquiries and reports submitted to the information security function to help improve employee awareness.
