Cybersecurity
Cybersecurity Policy
Deeply aware of the continuous increase in cyber threats as well as the importance of customers' information, the SMFL Group is implementing management-led cybersecurity measures based on the Declaration of Cybersecurity Management put forward by Sumitomo Mitsui Financial Group, Inc.
Organizational Structure
The SMFL Group established SMFL CSIRT as a Company-wide computer security incident response team (CSIRT). This SMFL CSIRT falls under the direct direction and supervision of management and has put in place a structure and systems that facilitate collaboration with Sumitomo Mitsui Financial Group and Sumitomo Corporation. Over and above the aforementioned, SMFL CSIRT engages in the exchange of information with such external organizations as the Nippon CSIRT Association and security vendors as necessary.
Activities
As a contingency measure in the event of a security incident, the SMFL CSIRT works toward bringing the incident to an end while coordinating with each department. In addition, contingency drills are conducted several times each year.
In the normal course of events, steps are taken to systematically engage in a variety of activities. This includes maintaining cybersecurity documents and introducing the latest security equipment and services in accordance with international standards, Financial Services Agency guidelines, and other criteria.
Employee Education
In addition to cyberattack response exercises and workshops targeting management, sessions that allow employees to gain an understanding about security as well as suspicious e-mail drills are held. As far as CSIRT representatives are concerned, SMFL has put in place the necessary systems to assist in the acquisition and renewal of security-related qualifications, including Certified Information Systems Security Professional and Registered Information Security Specialist.
External Certification
SMFL has acquisition ISMS certification in line with the characteristics of its services (assetforce®, AI products).