Contact
Data Utilization & Security
- Key Information Security Policies
- Promotion System for Information Security
- Operations Based on Key Information Security Policies
- Establishment of Internal Regulations for Information Security
- Development and Enhancement of Audit System
- Realization of Systems that Ensure Information Security Countermeasures
- Analysis of Vulnerabilities
- Monitoring and Response to Threats to Information Security
- Enhancement of Information Security Literacy
- Reporting of Information Security Incidents
- Reinforcement of Supply Chain Management Structure
- Data Utilization Initiatives
The Yamato Group stores and handles the important personal information of many customers. In order to continue operating our business sustainably in the future, we believe that it is essential to ensure information security. We are working to prevent the leakage of personal information by setting based on our Group Corporate Philosophy and Corporate Stance, which advocate the protection of personal information. Going forward, in addition to ensuring information security, we will also utilize big data obtained from vehicles nationwide to solve social issues and provide new value.
Sustainability Metrics and Targets (2024–2026)
- Attain 100% attendance rate in information security training for all employees
- Achieve zero serious information security incidents
- Attain 100% implementation of email training for employees and information sharing to strengthen cyber security
For detailed targets and results, please refer to Sustainability Strategies, Goals and Results.
Key Information Security Policies
The Yamato Group stores and handles important personal information from many customers. In order to continue operating our business sustainably in the future, we believe it is essential to ensure information security. We have formulated the following key information security policies.
These key policies apply to all people involved with information assets, including executives, employees, part-time workers, and temporary workers. Furthermore, these policies pertain to not only personal information entrusted to the Yamato Group in the course of business activities, but to all information assets including those acquired or retained during business operations.
Statement of Information Security[PDF:314KB]Promotion System for Information Security
The Yamato Group continuously oversees information security-related aspects and has established a structure for its promotion to ensure information security, focused on the Digital Department, the organization responsible for digital countermeasures. We have also developed a structure for reporting to the Compliance and Risk Committee, chaired by the executive in charge of compliance and risk management.
The person responsible for each department handling information assets is designated as a management officer to ensure safety management. We have developed a structure for promptly report incidents from each department to higher-level organizations and coordinating with the relevant parties when an information security incident occurs or when there are facts or indications that laws or handling regulations have been broken.
Cyber Security
We consider cyber security countermeasures to be a management issue and have established a specialized organization (YAMATO-CSIRT) accordingly.
YAMATO-CSIRT (Japanese Only)Acquisition of ISO27001 (ISMS)
Business departments in the Yamato Group that handle a particularly high volume of confidential information have acquired ISO27001 (ISMS) certification.
For more details on the acquisition status of certification, please refer to our ESG Data page.
Operations Based on Key Information Security Policies
Establishment of Internal Regulations for Information Security
At the same time as laying out clear policies for handling all information assets, not just personal information, by formulating regulations that set out a management structure and safety management structure for information security, we ensure that all employees handling information assets are thoroughly informed of our strict stance against information leaks and similar incidents.
Furthermore, we carry out revisions at least once a year based on factors including the development of information technology and changes to the demands of society and are striving to continue improving the management system and details of initiatives.
Development and Enhancement of Audit System
We conduct internal audits to ensure compliance with key information security policies and regulations, as well as system reliability, and maintain the necessary systems. We also strive to continue external audits to gain even more objective evaluations.
We clarify that our employees are complying with key information security policies by systematically implementing such audits.
Realization of Systems that Ensure Information Security Countermeasures
We take physical and technological measures, including management of appropriate access rights, to ensure that fraudulent access, leaks, falsification, loss, destruction, and obstruction of use of information assets do not occur.
- Definition of key areas of information operation (security areas) for buildings and facilities and establishment of limits for managing employee entry and exit of areas and the devices they carry
- Implementation of external access restrictions through firewalls, regular monitoring of fraudulent access, introduction of anti-virus software, constant renewal of pattern files, management of app installation, and URL filtering
Analysis of Vulnerabilities
The Yamato Group strives to enable the provision of safe services for customers and suppliers. To prevent fraudulent access of information systems and information leaks, we conduct regular vulnerability assessments at least once a year and continuously monitor threat information, while also reinforcing protections for information assets by prioritizing and implementing countermeasures.
Monitoring and Response to Threats to Information Security
The Yamato Group has created a structure that promptly senses and responds to signs of incidents by continuously monitoring and analyzing threats to information assets, centered on specialist organization YAMATO-CSIRT. Further, through the establishment of a response flow and structure for incident occurrence, practiced at least once a year, we have developed a structure that takes steps including promptly preventing damage from spreading, investigating causes, and implementing recovery measures.
Enhancement of Information Security Literacy
The Yamato Group thoroughly implements information security training and drills for employees, enabling all those involved in information assets to have a high level of awareness and knowledge of information security when carrying out their duties. For the status of training implementation, please refer to our ESG Data page.
Furthermore, we ensure the following initiatives are implemented to enable employees to notice information security risks and respond appropriately.
Dissemination of Incident Reporting Structure
Under information security training for all employees, we communicate escalation procedures to enable prompt reporting to the Digital Department and Compliance and Risk Department when recognizing information security incidents, vulnerabilities, and suspicious activities. Requiring all employees to participate in training at least once a year will enhance risk awareness of each employee and strengthen the security system for all organizations.
Continued Enhancement of Information Security Awareness
We continuously share recent trends in cyber attacks and warnings through measures including regular training and in-house communication, striving to ensure employees have a high level of awareness of information security on a daily basis.
Reporting of Information Security Incidents
The Yamato Group announces the number of serious information security incidents. For more details, please refer to our ESG Data page.
Reinforcement of Supply Chain Management Structure
The 
Yamato Group Business Partner Guidelines, which require compliance from business partners, specify strict management of personal and confidential information. When forming outsourcing contracts and other similar agreements, we thoroughly review the eligibility of suppliers and require them to maintain security levels equal to or higher than the Yamato Group.
Furthermore, we routinely review contractors and strengthen contracts to continuously affirm that their security level is appropriate.
Data Utilization Initiatives
Enhancing Data Management
In addition to the development of human resources, we believe that data quality control is also important in order to achieve the effective realization of data-driven management and are enhancing data management to support this.
As part of this effort, we established a data-utilization consultation desk as a function for checking the legality and reputation risk involved when using data in-house.
Selection for Digital Transformation Stocks
Yamato Holdings was selected as a Noteworthy DX Company among the Digital Transformation Stock Selection (DX Stocks) 2024 program, which is jointly held by the Ministry of Economy, Trade and Industry, the Tokyo Stock Exchange, and the Information-technology Promotion Agency, Japan.
