Actions for information security
Compliance frameworks and standards
The NSSOL Group has established regulations and internal standards for information security and personal data protection, in compliance with or with reference to the following frameworks and domestic and international standards.
- NIST Cybersecurity Framework (CSF) 2.0 (developed by the U.S. National Institute of Standards and Technology)
- ISO/IEC 27001: Information security, cybersecurity and privacy protection - Information security management systems - Requirements
- JIS Q 15001: Personal information protection management systems - Requirements
- Guidelines for Establishing and Operating a Personal Information Protection Management System under Privacy Mark
We have referred to the frameworks below as complementary points of reference and have set out detailed requirements for security measures and administrative procedures accordingly:
- NIST SP 800-53: Security and Privacy Controls for Information Systems and Organizations
- NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- CIS Controls: Critical Security Controls
Information Security Committee
We have established the Information Security Committee to oversee decision-making regarding information security activities across the entire NSSOL Group.
The Committee determines security strategies, policies, and initiatives aligned with the Group’s mission, formulates annual information security plans, regularly reviews our information security management systems, and deliberates on other important matters related to information security.
We regularly report to the Board of Directors on the annual information security activity plan, the results of management reviews, information security audit plans and outcomes, as well as other matters related to information security.
Information security management system
We have established a dedicated Information Security Management Organization that oversees and is responsible for information security across the entire NSSOL Group. From a company-wide, optimal perspective that supports business growth, this organization assesses, determines, and implements responses to security risks, and leads the PDCA (Plan-Do-Check-Act) cycle for information security risk management.
In addition, we have organized the SIRT (Security Incident Response Team) department as a subordinate body. This department routinely collects and analyzes information provided by JPCERT/CC and other specialized agencies, assesses the potential impact on the NSSOL Group’s information assets, and implements necessary measures to mitigate risks. In the event of an information security incident, the SIRT department leads the management and response efforts across the entire NSSOL Group.
Internal audits and supply chain management
We conduct annual internal audits on information security and personal data protection across all divisions and domestic and overseas group companies. These audits verify the implementation status of information security risk countermeasures and compliance with our internal rules and standards. If any deficiencies are identified, corrective measures are promptly taken.
Additionally, as part of our efforts to address supply chain risks, we conduct information security assessments of our business partners when initiating new transactions and on an annual basis, evaluating their risk management practices.
Information Security Training and Education
All employees, temporary staff, and partner employees of the NSSOL Group receive training on information security and personal data protection upon joining the company. Furthermore, we provide annual information security training and comprehension tests for the above employees and the staff of our contractors engaged in our business operations. The training aims to raise awareness of the necessity and importance of information asset management and personal data protection, thereby enhancing each individual’s sensitivity to security risks.
Moreover, we conduct regular simulated targeted email attack drills, and major cyber incident response exercises (such as those assuming ransomware infections that could impact business continuity) with participation from top management, including the President.
Third-Party Certification Related to Information Security
The NSSOL Group actively promotes third-party evaluations and certifications by external professional organizations. The following group companies have obtained certifications related to information security and personal data protection, and undergo regular audits by certification bodies (PrivacyMark: renewal audit every two years; JIS Q 27001: renewal audit every three years and annual surveillance audits).
Certification Company
PrivacyMark Entities
- NS Solutions Corporation
- NS Solutions Hokkaido Corporation
- NS Solutions East Japan Corporation
- NS Solutions Chubu Corporation
- NS Solutions Kansai Corporation
- NS Solutions Kyushu Corporation
- NS Solutions Service and Technology Corporation
- Network Value Components Ltd.
- NS Financial Management Consulting, Inc.
- Infocom Corporation
- NCI Systems Integration, Inc.
- NIPPON STEEL Hitachi Systems Solutions, Inc.
JIS Q 27001:2023 (ISO/IEC 27001:2022)
- Financial Engineering Group, Inc.
- NS Solutions Corporation
  - IT Service & Engineering Bureau Cloud Platform Division
  - Retail & Service Business System Solutions Bureau Company A project
  - Digital Solution & Consulting Bureau Enterprise Solutions Division Application Service Department-II
- NS Solutions Kyushu Corporation
  - Business Solutions Division-II
- OSP Solutions Inc.
- NS Solutions Okinawa Corporation
JIS Q 27001:2025 (ISO/IEC 27001:2022+Amd 1:2024)
- NS Solutions Corporation
  - IT Service & Engineering Bureau Cloud Platform Division, Digital Platform Division
  - IT Service & Engineering Bureau Sales & Marketing Division-II, Digital Service & Engineering Division
  - IT Service & Engineering Bureau IT Sourcing Division
JIP-ISMS517-1.0 (ISO 27017)
- NS Solutions Corporation
  - IT Service & Engineering Bureau Cloud Platform Division
