Information security management

To ensure security of information systems and the smooth business activities of the Company, we developed the Rules for Information Security Management and the Information Security Management Standards and ensured that all employees were fully familiar with them.

Management of Information Security
  1. 1Security of customer information (personal information)
  2. 2Security of intellectual property rights
  3. 3Confidentiality obligation
  4. 4Compliance with laws and regulations, obligation of compliance with regulations and penalties
  5. 5Management of information assets
  6. 6Formulation of security measure standards (Development standard, management standard, outsourcing standard)
  7. 7Monitoring and supervision
  8. 8Protecting systems from computer viruses
  9. 9Access authority control
  10. 10Information security education
Management of Network security
  1. 1Management of connection to ML-net (in-house network)
  2. 2Rules for e-mail use
  3. 3Rules for dispatching information
  4. 4Rules for connection with networks outside the Company

Specific items to be observed regarding use and operation of the in-house network are specified in the ML-net Operation and Management Standards.

Specific items to be observed
  1. 1Rules of use
  2. 2Operation and management of ML-net
  3. 3Installation of ML-net lines
  4. 4Procedures for using cloud computing

Also, we appoint a LAN manager from each branch's information system section and OA promotion staff from the relevant section of each division that uses the network, ensuring safety and the effective use of our in-house network.
We also developed the Privacy Policy and Rules, Information System Disaster Control Manual, and other documents to enhance protection of customers' properties and countermeasures against system faults and disasters.

Diagram of Information Security Management

Continuous initiatives to improve information security

ISO27001 Certificate of Registration

To improve the level of information security, Mitsubishi Logistics Corporation regularly monitors all employees using information security operation management tools.
Meanwhile, our Tokyo Branch Trunk Room Office and Dia Systems Corporation (our subsidiary that develops and operates our information systems) were certified by ISO27001, the international standard for information security management systems. The Trunk Room Office strives to maintain and improve information security and give customers a stronger sense of security, performing collection and distribution operations of information storage media such as documents and magnetic tapes. Dia Systems Corporation meanwhile strives to maintain and improve quality related to the use, development, and operation of information systems.

Purposes of monitoring
  1. 1Appropriate and effective implementation of information security measures
  2. 2Streamlining of management and operation and continuation of the established PDCA (Plan, Do, Check, Action) cycle
  3. 3Validation of measures and visualization of problems, etc.

PDCA cycle of Dia Systems Corporation

1.P (PLAN)
The information system division formulates operation measures and check items.
2.D (DO)
Regularly send operation check items in questionnaire form to all employees who use the ML-net (in-house network) by e-mail and collect their responses.
Output an analysis report of the responses from various viewpoints.
For defective check items, the information system division develops improvement measures and provides instructions while communicating with users.

Specific measures for protection of personal information

The following describes specific measures for the system using our Tokyo Branch's trunk room operations for individual customers as an example.

  1. 1Personal information management system

    The director of Trunk Room Office acts as a security manager and is responsible for general system security management. Daily system operation and management tasks are performed by a system administrator who is designated by the security manager.

  2. 2Access control to personal information

    We collect access logs in the system to prevent unauthorized accesses and to identify any that do occur as quickly as possible. In addition, we have a system that automatically sends warning emails to the security manager and system administrator when very large volumes of traffic to access personal information data are generated.

  3. 3Access restrictions

    To limit access to the system to authorized personnel, we perform strict management by giving an ID to each individual.

  4. 4Measures for mobile terminals

    We restrict accesses to all mobile terminals by using a USB key. To prevent its loss, we remove the USB key from a terminal before moving it and carry it separately from the main unit.

  5. 5Management of backup tapes

    We store data backup media safely in our facilities.