LIXIL makes pioneering water and housing products that solve everyday, real-life challenges, making better homes a reality for everyone, everywhere.
The LIXIL Corporation and its group companies have established the Information Security Committee, which is chaired by the executive officer in charge of Digital & IT, as a subordinate body to the Board of Executive Officers. In addition, two subcommittees, the Data Privacy Governance Subcommittee and the Information System Security Subcommittee, are formed under the Information Security Committee to scrutinize specialized fields pertaining to information security and advise the committee. The committee meets once every three months in principle and consists of executive officers and senior managers from corporate functions and business divisions, as well as subcommittee leaders or persons designated by officers or managers. The committee’s main activities include:
We also hold ad hoc committee meetings when an urgent response is required, for example when critical vulnerabilities that threaten information security are discovered or a serious information security incident occurs.
The committee chair reports policies on measures for important information security-related matters to the Board of Executive Officers, and the Board of Executive Officers resolves on necessary matters. The Board of Executive Officers makes decisions on the formation or revision of the Information Security Policy and LIXIL’s other information security-related rules. Important matters relating to information security are also reported to the Board of Directors by the executive officer in charge of Digital & IT, who is also the chair of the Information Security Committee, and directors provide advice and guidance on the current status of information security activities and systems.
The group has established and operates an information security management system based on the Information Security Policy, which stipulates the basic matters pertaining to the use and protection of information assets. The policy applies to all personnel* and all other people engaged in the group’s business. The information security function cooperates with other relevant functions to monitor compliance with the policy and respond to information security incidents.
We have also compiled the Detailed Rules for Information System Security and set up the necessary systems to facilitate effective information security/cyber security measures and risk management. Anyone within the group who notices any information security risks or anything unusual must promptly report the incident to the information security function. The information security function will then assess and respond to the incident according to the predetermined response flows. The detailed rules stipulate that the incident response flows and emergency contacts must be reviewed at least once a year.
* Including part-time employees and other indirectly employed staff
LIXIL is committed to the early detection and remediation of vulnerabilities to ensure information security throughout all processes of our products and services, from design and development to disposal. We have established a dedicated contact point for handling vulnerabilities, creating a system that enables us to respond promptly based on reports from customers and external parties. Furthermore, by disclosing vulnerability information in a timely manner, we strive to ensure product safety and create an environment where customers can use our products securely. We accept vulnerability information from customers and external parties via the reporting form in our Product Vulnerability Disclosure Policy.
We believe it is important to build a corporate culture where everyone at the group is encouraged to view security as a matter that impacts them directly and take preventative measures, and to promptly seek advice from the information security function if they notice anything unusual, which enables us to respond effectively to increasingly sophisticated cybersecurity risks.
Every year, we conduct e-learning information security training sessions for all personnel* of LIXIL Corporation and its group companies who have a company account. The training materials are published in multiple languages to make them more accessible to employees and increase employee understanding.
If an employee is judged to have committed an act that constitutes a security risk, such as the unauthorized use or inappropriate use of information, action will be taken, including the temporary restriction of that user’s access. These educational and preventative measures are designed to ensure a more attentive response to security risks and to strengthen the operational capabilities of the whole group with respect to information security.
In addition to the provision of regular training opportunities, we also strive to improve information security awareness through our internal social media channels. Ongoing communication seeks to alert employees to inherent risks in their daily working lives, such as the sending and receiving of emails and electronic files. We also share actual inquiries and reports submitted to the information security function to help improve employee awareness.
* Including part-time employees and other indirectly employed staff