Information security management
To ensure security of information systems and the smooth business activities of the Company, we developed the Rules for Information Security Management and the Information Security Management Standards and ensured that all employees were fully familiar with them.
- 1Security of customer information (personal information)
- 2Security of intellectual property rights
- 3Confidentiality obligation
- 4Compliance with laws and regulations, obligation of compliance with regulations and penalties
- 5Management of information assets
- 6Formulation of security measure standards (Development standard, management standard, outsourcing standard)
- 7Monitoring and supervision
- 8Protecting systems from computer viruses
- 9Access authority control
- 10Information security education
- 1Management of connection to ML-net (in-house network)
- 2Rules for e-mail use
- 3Rules for dispatching information
- 4Rules for connection with networks outside the Company
Specific items to be observed regarding use and operation of the in-house network are specified in the ML-net Operation and Management Standards.
- 1Rules of use
- 2Operation and management of ML-net
- 3Installation of ML-net lines
- 4Procedures for using cloud computing
Also, we appoint a LAN manager from each branch's information system section and OA promotion staff from the relevant section of each division that uses the network, ensuring safety and the effective use of our in-house network.
Continuous initiatives to improve information security
To improve the level of information security, Mitsubishi Logistics Corporation regularly monitors all employees using information security operation management tools.
Meanwhile, our Tokyo Branch Trunk Room Office and Dia Systems Corporation (our subsidiary that develops and operates our information systems) were certified by ISO27001, the international standard for information security management systems. The Trunk Room Office strives to maintain and improve information security and give customers a stronger sense of security, performing collection and distribution operations of information storage media such as documents and magnetic tapes. Dia Systems Corporation meanwhile strives to maintain and improve quality related to the use, development, and operation of information systems.
- 1Appropriate and effective implementation of information security measures
- 2Streamlining of management and operation and continuation of the established PDCA (Plan, Do, Check, Action) cycle
- 3Validation of measures and visualization of problems, etc.
PDCA cycle of Dia Systems Corporation
- 1.P (PLAN)
- The information system division formulates operation measures and check items.
- 2.D (DO)
- Regularly send operation check items in questionnaire form to all employees who use the ML-net (in-house network) by e-mail and collect their responses.
- 3.C (CHECK)
- Output an analysis report of the responses from various viewpoints.
- 4.A (ACTION)
- For defective check items, the information system division develops improvement measures and provides instructions while communicating with users.
Specific measures for protection of personal information
The following describes specific measures for the system using our Tokyo Branch's trunk room operations for individual customers as an example.
- 1Personal information management system
The director of Trunk Room Office acts as a security manager and is responsible for general system security management. Daily system operation and management tasks are performed by a system administrator who is designated by the security manager.
- 2Access control to personal information
We collect access logs in the system to prevent unauthorized accesses and to identify any that do occur as quickly as possible. In addition, we have a system that automatically sends warning emails to the security manager and system administrator when very large volumes of traffic to access personal information data are generated.
- 3Access restrictions
To limit access to the system to authorized personnel, we perform strict management by giving an ID to each individual.
- 4Measures for mobile terminals
We restrict accesses to all mobile terminals by using a USB key. To prevent its loss, we remove the USB key from a terminal before moving it and carry it separately from the main unit.
- 5Management of backup tapes
We store data backup media safely in our facilities.