Information Security Management

Policy Related to Information Security

Shiseido has established the “Shiseido Group Information Security Policy” for all persons working in the Shiseido Group, to protect and maintain the various essential information assets owned by the Group's business sites through robust information security. Under this Group-wide basic policy, we strive to manage and operate various information assets. Employees receive continuous education on information security, such as annual training through e-learning.

Policy Related to Protection of Personal Information

Shiseido deeply recognizes the importance of personal information acquired through business and other relevant activities and considers it a social responsibility to thoroughly protect such information. Therefore, we have established the “Shiseido Group Privacy Rule” to which all employees of the Shiseido Group should adhere. All companies in the Shiseido Group endeavor to ensure the protection of personal information.

Details of Shiseido’s policy on the protection of personal information are available in its Privacy Policy.

Information Security Management Systems

(1) Management structure

The Shiseido Group has established information security management systems, and the Chief Information Security Officer (CISO) has been appointed their representative. The CISO assumes overall responsibility for the handling of information assets and information systems, and engages in the planning and implementation of information security strategies and initiatives while communicating with the management team.

The CISO also supervises the activities carried out by each Group company to promote information security management. Those activities include developing and enforcing rules and guidelines regarding confidential information control, personal information protection, information system management and information security measures; implementing safety measures; and providing training/education/awareness programs. The heads of offices, departments and affiliates in Japan are appointed as information security managers responsible for the implementation of information security-related initiatives at their respective organizations. At regional headquarters outside Japan, an information security contact has been appointed to communicate regularly with the CISO, in order to ensure continued efforts to maintain and improve the Group’s overall information security activities.

Shiseido Information Security Management

(2) Development of policies and rules

Establishment of information security-related rules

Information Security Enhancement Initiatives

(1) Employee training/education/awareness

The Shiseido Group conducts information security e-learning programs on a regular basis to maintain and improve employee awareness. We provide guidance to new graduate and mid-career hires during orientation sessions to instill the importance of information security management in our personnel from the time they start with the Group.

To keep employees updated about information security issues, the latest information is posted on our internal portal site and sent to the entire workforce via e-mail.

Training for all employees

Internal email magazine

(2) Information security audit/vulnerability check

(3) Information security incident response

Incident response system

(4) Third-party assessment