Information Security Policy
Basic Policy on Information Security
MITSUI E&S group, guided by the corporate philosophy of "We build trust and contribute to society through our engineering and services." is committed to protecting our information assets from threats such as accidents, crimes, and negligence. We strive to maintain and enhance information security to ensure the stable growth of our business activities in collaboration with our customers and partners.
The establishment and enhancement of internal regulations and guidelines
As a basic policy, we have established the "IT Basic Control Regulations" and developed the "Information Security Measures", which all officers and employees of our group are required to follow.
Structure
Under the direction of the Chief Information Security Officer (CISO), IT Control Sect., Corporate Planning Dept. takes the lead in implementing specific measures.
Additionally, to address information security incidents, we have established a Computer Security Incident Response Team (CSIRT), ensuring proactive preparedness before incidents occur. In the event of an unforeseen situation, we respond promptly and accurately.
About Information Security Measures
Acquiring information
MITSUI E&S actively collaborates with relevant government agencies and security vendors to obtain timely information related to information security. Through these efforts, we aim to ensure prompt and effective responses.
System
MITSUI E&S implements comprehensive and multilayered security measures by deploying various security tools, taking into consideration the specific characteristics and risks associated with internal devices, servers, and networks.
Operation
MITSUI E&S has established a monitoring framework for networks and IT devices through its Security Operation Center (SOC) and collaborates with the internal Computer Security Incident Response Team (CSIRT) to effectively respond to security incidents.
Education & Training
MTSUI E&S regularly conducts information security training tailored to the roles and responsibilities of executives, IT personnel, and general employees. Furthermore, to enhance practical response capabilities against cyberattacks, we regularly conduct practical exercises such as targeted email attack simulations.