Information Security Management

NSK’s Approach

The use of digital technology is expanding across an increasingly wide range of fields. At the same time, the volume of information and data is increasing dramatically, and the forms in which it is held and used continue to diversify. In this business environment, in addition to the risks associated with the improper handling of information, there are growing concerns about information leaks and adverse effects on the supply chain caused by increasingly sophisticated cyberattacks. Positioning information security management as one of its important management tasks, NSK is working to reduce a variety of risks while strengthening its response to relevant laws and regulations. Moreover, we are promoting initiatives for more robust mechanisms and organizational structures, such as network countermeasures, against increasingly sophisticated cyberattacks.

Basic Policy and Management Standards and Rules

NSK has established a basic information security policy and put in place subordinate rules and regulations. We review and expand this policy, as well as the rules and regulations, in line with the enforcement and revision of statutory and regulatory requirements and changes in our operating environment. Moreover, we are working to ensure that information security rules and risk countermeasures are implemented throughout the organization via increased awareness, development, and education, as well as periodic checks on how far they have taken hold.

Main Information Security Policies and Standards of the NSK Group

System

Information Security Management System (ISMS)

The NSK Group is enhancing its managerial resources and transforming its business through the power of digital technology. We established the Information Security Enhancement Office under the Digital Transformation Division HQ to enable the safe use of digital technology and to globally deploy information security enhancement measures that take into account the relationship between digital technology and cybersecurity. Moreover, information security-related risks are supervised under the Corporate Risk Management System. Information security is also discussed by the Board of Directors as an issue that concerns the Group as a whole. The Information Security Enhancement Office regularly holds global meetings, working in cooperation with information security management committees in Japan, the Americas, Europe, China, ASEAN and Oceania, India, and South Korea. NSK is working to improve the information security management level of the entire NSK Group, and to plan and implement information security measures.

Targets and Performance

Mid-Term Management Plan 2026 (MTP2026) Targets, with Targets and Performance for Each Fiscal Year
Policy
  • Respond to risks associated with the convenience of information handling due to the rapid development of information and communication technology and strengthen compliance with relevant laws and regulations
  • Establish a highly secure IT infrastructure to address today’s increasingly sophisticated cyberattacks and take initiatives to strengthen readiness for cyberattacks
MTP2026 Targets
  • Strengthen security governance management operations
  • Strengthen cyber security risk countermeasures
  • Strengthen infrastructure security
FY2022 Targets
  • Make efforts to improve security standards based on official guidelines
  • Strengthen readiness against cyberattacks
  • Improve cybersecurity response capability by providing education and training
  • Establish a security-focused next-generation network and strengthen vulnerability management
Performance
  • Conducted security assessments in and outside Japan
  • Developed reinforcement measures based on the assessment results
  • Participated in the FY2022 Cross-Sectoral Exercise organized by the National center of Incident readiness and Strategy for Cybersecurity (NISC) and the Nippon CSIRT Association
  • Conducted incident response training at plants in Japan
  • Conducted information security inspections for business partners
  • Carried out regular education and training in addition to the above
  • Continued real-time monitoring and expanded its scope
  • Introduced a web gateway to enable secure external access
FY2023 Targets
  • Continue efforts to improve the security maturity level based on official guidelines*
  • Continuously strengthen readiness against cyberattacks
  • Improve cybersecurity response capabilities with education and training
  • Establish a security-focused next-generation network and strengthen vulnerability management

* Official guidelines: A globally adopted guideline framework developed by professional cybersecurity organizations

Information Security Initiatives

The NSK Group's main information security initiatives are as follows.

  • Enhancing information security management
  • Having an external expert conduct security assessments to evaluate the security of NSK’s critical internal computer systems and public website
  • Developing an incident response system
  • Raising the information security awareness of NSK’s officers, employees, and business partners

Status of Security Certifications

NSK has established a PDCA cycle for its information security management system, which includes periodic inventory and risk assessment of information assets and the formulation of plans for addressing and improving risk issues. As a result, we have acquired and maintain ISO/IEC 27001 certification, an international standard. In addition, based on demands from customers, we acquired TISAX certification, a security certification broadly adopted in Germany’s automobile industry, at nine locations in Europe, China, and Japan.

Training and Countermeasures against Cyberattacks

As part of our efforts against cyberattacks, we have put in place a security incident response system to reduce risk and minimize the impact of damage through swift action based on preparatory steps and detection. In addition, we have defined incident levels and set out response procedures. We have also conducted drills on the assumption that an incident has occurred, as well as targeted threat e-mail training for all NSK Group employees who use PCs, in cooperation with the Systems Management departments of each region. As technical countermeasures, we are advancing measures to reinforce monitoring for phishing emails and of information devices, and working to enhance surveillance and countermeasures, including against vulnerabilities, by using external security assessment services. Furthermore, security assessments are conducted by an external expert contractor for Internet-facing public systems and internal critical systems. Given the growing risk of attacks against the supply chain in recent years, we are enhancing security systems at our plants and conducting information security inspections at business partners.

Prevention of Information Leaks and Information Security Education

The NSK Group has established rules for classifying and appropriately handling information according to the confidentiality level of information assets, paying close attention to the handling of confidential information and striving to prevent information leaks. In training and education, the Group is working to maintain and raise employee awareness of information security through periodic e-Learning courses for employees in and outside Japan. We are also conducting training by employee category, including officers and Systems Management Department members, as well as for employees entering the company or personnel posted overseas.