Tokyogasgroup csr report

Basic Policies

Information security throughout our business operations is an essential part of sustaining the Tokyo Gas Group’s brand value of “Safety, Security, and Reliability.” In particular, we believe our social responsibility as a public utility company is to prevent any leaks of confidential information, particularly including information on our more than 11 million customers as well as the destruction of or tampering with systems.
In light of the evolving business environment, including sophisticated use of the Internet and the increased threat of cyber-attacks, such as unauthorized access from external sources and computer viruses, Tokyo Gas will establish a PDCA cycle to further strengthen our ability to ensure information security.
 

PDCA Cycle for Ensuring Information Security

PDCA Cycle for Ensuring Information Security
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.

Information Security Promotion System

Tokyo Gas has set up information security systems for each division and department to prevent accidents and minimize the impact from the leakage of confidential information or the destruction and tampering of systems. The same information security promotion system is in place at our subsidiaries and affiliates as well as at around 270 partner companies as part of a concerted effort to manage information security risks across the Tokyo Gas Group.
Through these efforts, we promote the active use of information and achieve a higher brand value as well as sustainable growth.
 

Tokyo Gas Group Information Security Promotion System

Tokyo Gas Group Information Security Promotion System
 

Tokyo Gas Group Information Security Promotion

Code of Conduct to Ensure Information Security
Information security cannot be established unless all employees share a strong sense of risk management. A breach can quickly occur if just one person becomes slack and lets down their guard while assuming everyone else’s vigilance will provide sufficient protection. The Code of Conduct to Ensure Information Security provides guidelines on decision making and action steps for every individual in the Group for safeguarding information. The Group reviews the code as appropriate to maintain its relevance.

Code of Conduct to Ensure Information Security
Code of Conduct to Ensure Information Security
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.

Practices to Ensure Information Security

We implement measures at the technical, personnel and organizational levels to consistently ensure that information security incorporates advances in information technology in order to address the prevailing information security situation in society. We shall all be driven by this acute awareness as we strive to raise the quality of information security throughout the Tokyo Gas Group.
 

Measures for Establishing Information Security

Type Purpose Content
Technical measures
  • Prevent viruses from entering the system
  • Prevent viruses from spreading in the event of a system breach
  • Prohibit staff from taking information outside the corporate environment
  • Block access to unsolicited email and illegal websites
  • Install antivirus software
  • Introduce surveillance service
Personnel measures
  • Deepen understanding of the risks of information leakage due to theft, misplacement, and viruses
  • Check if information security rules are followed and appropriate actions are taken
  • Implement information security education
  • Conduct self-checks
  • Note:  Applicable to employees as well as temporary staff of approximately 80 companies including Tokyo Gas Co., Ltd., its subsidiaries, and LIFEVAL (more than 20,000 personnel in total)
Organizational measures Rapidly respond to every information security incident
  • Construct a system for promoting information security
  • Establish a CSIRT (Computer Security Incident Response Team)
  • Conduct drills for responding to cyber-attacks
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.

Protection of Personal Information

We recognize that properly protecting and handling personal information is at the foundation of our business activities and a vital social responsibility. In fulfilling these responsibilities, we have established the following policies for guiding our best efforts to protect personal information.
 
Policy on Protection of Personal Information at Tokyo Gas
 

(1) Legal compliance

In addition to observing all applicable laws and regulations and guidelines governing the protection of personal information, Tokyo Gas establishes and continually improves Company policy and internal rules for protecting personal information.


(2) Personal information management

Tokyo Gas takes necessary actions under relevant laws, regulations and guidelines and properly manages personal information to prevent any loss, leakage or unauthorized changes to said information. In addition, a person is assigned to be responsible for the protection of personal information at each workplace and to educate and monitor employees in regard to this issue.


(3) Collection and use of personal information

Tokyo Gas appropriately obtains personal information to properly and efficiently conduct business. Prior to collecting such information, Tokyo Gas informs the person in advance of the purpose for which the information will be used and only obtains the specific information necessary to achieve this purpose.


(4) Provision of personal information to third parties

Tokyo Gas does not provide personal information to any third party without obtaining the prior agreement of the person affected, except as allowed to do so under relevant laws, regulations or guidelines, and in certain cases where, for example, parties receiving the entrusted information are not legally defined as third parties. When providing personal information to, for example, an entrustee, Tokyo Gas selects a party that can meet and fulfill the necessary standards and obligations for managing personal information, makes appropriate arrangements for the protection of the personal information and monitors the said party.


(5) Disclosure, correction, etc., of personal information

When a person seeks to disclose, correct or delete personal information, Tokyo Gas endeavors to promptly respond, within reasonable limits under relevant laws and guidelines, after confirming the person's identity.

 

Secure Control of Personal Information

The Tokyo Gas Group collects and utilizes a massive volume of personal information, including information on over 11 million customers. To ensure the personal information of all our customers is appropriately protected and managed, we have established a Company-wide personal information security control system. Moreover, we are committed to thoroughly informing employees and raising their awareness about legal concerns and implications.
We established a Company-wide personal information security control system even before the Act on the Protection of Personal Information took full effect on April 1, 2005, and since then we have been working to ensure that all employees are thoroughly informed of the act by developing in-house rules and manuals in compliance with it. In addition to voluntary checks conducted to confirm whether personal information is being properly managed, internal audits are conducted by the Internal Audit Department to assess compliance with the act and other applicable laws, ordinances and guidelines as well as our own policy on the protection of personal information and internal rules. In order to constantly foster awareness of information security, employees learn about protecting personal information as part of the level-specific training provided when they join the Company, during their third year and qualification promotions, and on other appropriate occasions.
In response to the revised Act on the Protection of Personal Information that took effect in May 2017, we began informing each company of the Tokyo Gas Group of the details of the revised act. We also formulated guidelines for clarifying personal information and handling anonymously processed information. In April 2017, we distributed a pamphlet that explains the practical aspects of the Act on the Protection of Personal Information to all Group employees and its subsidiaries, Tokyo Gas LIFEVAL companies, and other partner companies in order to strengthen understanding and encourage rigorous compliance.

Let’s Follow the Rules: A Guide for Protecting Personal Information
Let’s Follow the Rules: A Guide for Protecting Personal Information 
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.

Information Security Audit

The Internal Audit Department audits the Company and its subsidiaries and affiliates to determine whether the audited organizations are taking proper steps to ensure information security, to identify specific information security risks, and to confirm whether controls are being properly developed and implemented to manage these risks.
DFF Inc., Corporate Social Responsibility Sect, General Administration Dept., Corporate Planning Dept., Resources & Global Business Division, Energy Solution Div, Power Buisiness Dept., Pipeline Network Division, IT Division, Residential Sales Div., Fundamental Technology Dept., Energy Solution Div, Environmental Affairs Dept., Purchasing Dept. , Health Insurance & Employees' Welfare Sect., Personnel Dept., Internal Audit Dept., Audit & Supervisory Board Member's Office, Compliance Dept., Regional Development Div., Finance Dept, TGES, TOKYO GAS COMMUNICATIONS, INC.