Basic Policy on Information Security

MITSUI E&S group, guided by the corporate philosophy of "We build trust and contribute to society through our engineering and services." is committed to protecting our information assets from threats such as accidents, crimes, and negligence. We strive to maintain and enhance information security to ensure the stable growth of our business activities in collaboration with our customers and partners.


The establishment and enhancement of internal regulations and guidelines

As a basic policy, we have established the "IT Basic Control Regulations" and developed the "Information Security Measures", which all officers and employees of our group are required to follow.


Structure

Under the direction of the Chief Information Security Officer (CISO), IT Control Sect., Corporate Planning Dept. takes the lead in implementing specific measures.
Additionally, to address information security incidents, we have established a Computer Security Incident Response Team (CSIRT), ensuring proactive preparedness before incidents occur. In the event of an unforeseen situation, we respond promptly and accurately.


About Information Security Measures

Acquiring information

MITSUI E&S actively collaborates with relevant government agencies and security vendors to obtain timely information related to information security. Through these efforts, we aim to ensure prompt and effective responses.

System

MITSUI E&S implements comprehensive and multilayered security measures by deploying various security tools, taking into consideration the specific characteristics and risks associated with internal devices, servers, and networks.

Operation

MITSUI E&S has established a monitoring framework for networks and IT devices through its Security Operation Center (SOC) and collaborates with the internal Computer Security Incident Response Team (CSIRT) to effectively respond to security incidents. 

Education & Training

MTSUI E&S regularly conducts information security training tailored to the roles and responsibilities of executives, IT personnel, and general employees. Furthermore, to enhance practical response capabilities against cyberattacks, we regularly conduct practical exercises such as targeted email attack simulations.