Tokyogasgroup csr report

Basic Policies

The foundation of the Tokyo Gas Group’s brand value of “Safety, Security, and Reliability” is being able to guarantee the security of information throughout our business operations. In particular, we believe our social responsibility as a public utility company is to prevent any leaks of confidential information, particularly including information on our more than 11 million customers as well as the destruction of or tampering with systems.
In light of the evolving business environment, including sophisticated use of the Internet and the increased threat of cyber-attacks, such as unauthorized access from external sources and computer viruses, Tokyo Gas will establish a PDCA cycle to further strengthen our ability to ensure information security.

PDCA Cycle for Ensuring Information Security
 

PDCA Cycle for Ensuring Information Security
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.

Information Security Promotion System

Tokyo Gas has set up information security systems for each division and department to prevent accidents and minimize the impact from the leakage of confidential information or the destruction and tampering of systems. The same information security promotion system is in place at our subsidiaries and affiliates as well as at around 260 partner companies as part of a concerted effort to manage information security risks across the Tokyo Gas Group.
Through these efforts, we promote the active use of information and achieve a higher brand value as well as sustainable growth.

Tokyo Gas Group Information Security Promotion System
Tokyo Gas Group Information Security Promotion System
 

Tokyo Gas Group Information Security Promotion

Code of Conduct to Ensure Information Security
The security of information is vulnerable to the risk of one person’s carelessness undoing all other efforts. A breach can quickly occur if one person lets down their guard assuming that everyone else’s vigilance will provide sufficient protection. The Code of Conduct to Ensure Information Security provides guidelines on decision making and action steps for every individual in the Group for safeguarding information. The Group reviews the code as appropriate to maintain its relevance.

Code of Conduct to Ensure Information Security
Code of Conduct to Ensure Information Security
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.

Practices to Ensure Information Security

We implement both technical and personnel-related measures to continuously ensure information security that incorporates advances in information technology and the prevailing information security situation society. In terms of technology, we deploy multiple layers of security, including the installation of hardware to protect against unauthorized access from external sites and software to detect and remove computer viruses. In terms of personnel, we have developed arrangements to promote information security, provide related training, and perform self-checks. The Computer Security Incident Response Team (CSIRT) has also been set up as a special unit to rapidly handle incidents.
In fiscal 2017, security training was provided to regular and temporary employees at about 80 companies, including Tokyo Gas, our subsidiaries, and Tokyo Gas LIFEVAL (“LIFEVAL”) companies. Participants learned about the proper handling of confidential information taken offsite, dealing with email from unknown senders, and managing IDs and passwords to strengthen their understanding of the risks associated with the theft and loss of data and information leaks caused by computer viruses.
For self-checks, employees verify whether they are acting in accordance with the knowledge and rules gained through security training and report the results to relevant job sites so that employees can improve workplace behavior.
Our company, subsidiaries and LIFEVAL will continue to implement personnel and technical-based strategies to maintain and improve the information security competence of every employee.
 
Information Security Training
Purpose To deepen understanding of information security risks such as information leakage due to theft, loss and virus infection
Target employees Regular and temporary employees at about 80 companies, including Tokyo Gas, its subsidiaries and Tokyo Gas LIFEVAL
Contents of education ・Proper handling of confidential information when taken offsite
・Dealing with email from unknown senders
・Managing IDs and passwords
 
Self-checks

・ Self-checking whether employees are acting in accordance with the knowledge and rules that they learned from information security training

・ Reporting the results to every workplace

DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.

Protection of Personal Information

We recognize that properly protecting and handling personal information is at the foundation of our business activities and a vital social responsibility. In fulfilling these responsibilities, we have established the following policies for guiding our best efforts to protect personal information.
 
Policy on Protection of Personal Information at Tokyo Gas
 

(1) Legal compliance

In addition to observing all applicable laws and regulations and guidelines governing the protection of personal information, Tokyo Gas establishes and continually improves Company policy and internal rules for protecting personal information.


(2) Personal information management

Tokyo Gas takes necessary actions under relevant laws, regulations and guidelines and properly manages personal information to prevent any loss, leakage or unauthorized changes to said information. In addition, a person is assigned to be responsible for the protection of personal information at each workplace and to educate and monitor employees in regard to this issue.


(3) Collection and use of personal information

Tokyo Gas appropriately obtains personal information to properly and efficiently conduct business. Prior to collecting such information, Tokyo Gas informs the person in advance of the purpose for which the information will be used and only obtains the specific information necessary to achieve this purpose.


(4) Provision of personal information to third parties

Tokyo Gas does not provide personal information to any third party without obtaining the prior agreement of the person affected, except as allowed to do so under relevant laws, regulations or guidelines, and in certain cases where, for example, parties receiving the entrusted information are not legally defined as third parties. When providing personal information to, for example, an entrustee, Tokyo Gas selects a party that can meet and fulfill the necessary standards and obligations for managing personal information, makes appropriate arrangements for the protection of the personal information and monitors the said party.


(5) Disclosure, correction, etc., of personal information

When a person seeks to disclose, correct or delete personal information, Tokyo Gas endeavors to promptly respond, within reasonable limits under relevant laws and guidelines, after confirming the person's identity.

 

Secure Control of Personal Information

The Tokyo Gas Group collects and utilizes a massive volume of personal information, including information on over 11 million customers. To ensure the personal information of all our customers is appropriately protected and managed, we have established a Company-wide personal information security control system. Moreover, we are committed to thoroughly informing employees about the legal concerns and implications to raise their awareness of the need and practices for protecting personal information.
We established a Company-wide personal information security control system even before the Act on the Protection of Personal Information took full effect on April 1, 2005, and since then we have been working to ensure that all employees are thoroughly informed of the act by developing in-house rules and manuals in compliance with it. In addition to voluntary checks conducted to monitor if personal information is being properly managed, personal information protection audits are conducted by the Internal Audit Department to assess compliance with the act and other applicable laws, ordinances and guidelines as well as our own policy on the protection of personal information and internal rules. In order to constantly foster awareness of information security, employees learn about protecting personal information as part of the level-specific training provided when they join the Company, during their third year and qualification promotions, and on other appropriate occasions.
Prior to the revised Act on the Protection of Personal Information going into effect on May 30, 2017, we began informing each company of the Tokyo Gas Group of the details of the revised act in the second half of fiscal 2016. We also implemented the necessary preparations to comply with the new requirements, such as the clarification of personal information and handling of anonymously processed information. Moreover, we formulated guidelines for creating anonymously processed information and shared them throughout the Group to facilitate the legally permitted use of personal information. In April 2017, we distributed a pamphlet that explains the practical aspects of the Act on the Protection of Personal Information to all Group employees and its subsidiaries, Tokyo Gas LIFEVAL companies and other partner companies in order to strengthen understanding and encourage rigorous compliance.

Let’s Follow the Rules: A Guide for Protecting Personal Information
Let’s Follow the Rules: A Guide for Protecting Personal Information 
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.

Information Security Audit

The Internal Audit Department audits the Company and its subsidiaries and affiliates to determine whether the audited organizations are taking proper steps to ensure information security, to identify specific information security risks, and to confirm whether controls are being properly developed and implemented to manage these risks.
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.