Information SecurityGovernance

Information Security Policy

At Sagawa Express, we believe it is our social responsibility to protect our information assets. We are thus working to reinforce our information security based on the SG Holdings Information Security Basic Policy and Personal Information Protection Policy.

Information Security Basic Policy

At Sagawa Express, as we aim to support economic and social development and become a company that contributes to society, we believe it is our social responsibility to protect our information assets, including the information assets provided to us by our customers. As such, we will strive to maintain and manage information security based on the Information Security Basic Policy (hereinafter "Basic Policy") formulated by SG Holdings Co., Ltd.

Development and Implementation of Internal Rules

Based on this Basic Policy, we will develop our information security regulations and other rules and implement information security measures.

Development of an Information Security Management System

In addition to developing a management system for information security, we will build and operate other relevant systems to work with external institutions and other organizations as necessary.

Information Security Measures

We will take appropriate information security measures to prevent the falsification, loss, leakage, fraudulent intrusion, or other interference with the use of information assets.

Continuous Implementation of Education

We will strive to promote understanding of the Basic Policy among company officers and employees through the continuous implementation of necessary information security education.

Response to Accidents

In the event that an accident occurs, we will promptly investigate the causes, and in addition to preventing the damage from expanding, we will implement recurrence prevention measures.

Compliance with Laws and Regulations, etc.

We will strictly comply with laws and regulations, internal rules, etc., related to information security.

Evaluation and Review of Information Security Activities

We will regularly review whether our information security measures are appropriately being implemented, maintained, and managed, and implement improvement measures as necessary.

Information Security Response

In our information security activities, not only do we ensure rapid response in the event of an incident, we carry out improvement activities to prevent incidents in advance and prevent their recurrence. Through these activities, we are able to continuously enhance the level of security at the SG Holdings Group.


Building a Support System to Respond to Security Incidents and Collect Information

Purpose From the occurrence to the conclusion of a security incident, aim to minimize damage alongside SGH-CSIRT (SG Holdings Computer Security Incident Response Team).
Implementation Details Prevention activities in times of normality
SGH-CSIRT (SG Holdings Computer Security Incident Response Team) activities
  • Collection of threat information and impact surveys
  • Development of operational processes, procedures, rules, and regulations for CSIRT​
  • Accumulation and organization of knowledge​
  • Coordination with external organizations
    Nippon CSIRT Association, JPCERT/CC Security Alerts, National Center of Incident Readiness and Strategy for Cybersecurity, Initiative for Cyber Security Information Sharing Partnership of Japan, and Transportation ISAC Japan​
  • Maintenance and management of server environment used to analyze logs when responding to incidents
Incident response/proposals for incident recurrence prevention measures
  • Minimization of damage from cyber attacks
  • Development of operational processes, procedures, rules, and regulations for CSIRT​
  • Malware analysis
  • Response availability
    24 hours a day 365 days a year (for attacks that require emergency response)

Examination of Measures Based on the Security Roadmap

Purpose Reflect the latest threats and circumstances into measures under the Security Roadmap and optimize them based on degree of priority.
Implementation Details Examination of measures for FY2021 based on the Security Countermeasure Roadmap

Drills Simulating Targeted Email Attacks

Purpose By regularly hosting response drills to Group employees for identification of and response to threats via email, reduce malware infection risks and improve Group network security.
Implementation Details
  • Twice yearly implementation
  • Upgrading of content as necessary based on social conditions, etc.
  • Examination of drills including reporting by email readers to their superiors
  • Analysis based on roles and departments, etc.
  • Examination of questionnaires and individual education for departments and individuals who frequently read emails
  • E-learning and read-throughs of the Security Book

Related Content