Information Technology Systems
To achieve 24×7 system availability for our customers, Nippon Express USA, Inc. (NEU) has been operating its enterprise systems at two data centers within NTTA e-Business Hosting Centers with the world class SAS 70 Type-2 (SSAE 16 / SOC 1) certified redundant power systems, security protection and other critical IT services supporting our logistic business operations. Unauthorized people can not access our data centers, and also surveillance security camera and access system keep track of access events. Green IT is also the top priority at NEU as our Social Responsibility with green-enabled computer hardware, software, applications and tools to contribute to our corporate Global Warming initiatives with specific IT measurable goals on the cost reduction, low-carbon footprint, high efficiency & dynamic infrastructure. Security in the areas of facility, personnel, procedural and supply chain are included as part of our quality and compliance program and are according to standards which are also audited for compliance by a third party registrar.
All Nippon global networks are connected via two global telecom partners (KDDI and NTT). All America regions are one network using the same NEU IT Infrastructure architecture. Our centrally-managed data communications network connects the enterprise data center with 72 business locations across the USA, Canada, Mexico and Brazil. Mid-to-Large sized offices have separate back-up networks for the business continuity. If any kind of massive disaster should ever disable the primary data center, all America regional locations can continue their business operations from the secondary data center. Regardless of the AS400, Unix, Linux, Windows, Virtual, Citrix, Desktop (VDI), Radio Frequency, Internet, Email, Applications, Database, EDI, SAN, Data Backup, Remote Access, Data Replication, Smart Phone, Desktop, Authentication, Communication, Web servers and network platforms, our goal is to provide secured, transparent and robust data communications to our customers, vendors and employees. Nippon Express operates EDI connections with approximately 100 global customers and vendors including government agencies, financial institutions, automobile and medical industries. The range of EDI message types is extensive, including content related to Cargo Statuses, Billing Invoices, Shipping-related messages. Data exchange networks vary from VAN networks, Message Queue (MQ), dedicated VPN connections, BizManager, secured FTP, and Web. Data exchange standards include ANSI X12, EDIFACT, XML, and customer-specific formats.
Under the direction of the NEU Corporate Compliance Committee program and decision, Nippon Express USA, Inc. system security best practice is based on the ISO-27001, SOX, J-SOX, HIPPA, ISO-9001 and SAS 70 Type-2 (SSAE 16 / SOC 1) compliances with ISO-17991 and CoBit controls. IT provides robust systems with enhanced security for internal networks, at all network perimeters, and in data exchanges with customers on external networks. NEU IT is ISO/IEC 27001:2005 Certified (#IND13.0068U). All network access that traverses between internal and external networks, such as EDI with clients, Web, FTP and VPN are routed through redundant enterprise-class firewalls managed and monitored by NTTA at the e-Business Hosting Center. Perimeter security is controlled using a sophisticated design of multiple DMZ. Routine security tests (external hacking) and IDS (Intrusion Detection Systems) are provided by external security company. Any production change is reviewed by the weekly change control committee meeting and weekly IT management meeting to review, justify, approve, implement and trace. System security incidents and issues are tracked and escalated for prevention and quick resolution. Our IT best practices are being validated by the combination of annual audits by external auditors, such as Deloitte or E&Y, and quarterly technical audits through special technical auditors including password management and patch management. Customer data is secured and protected with multiple levels of security access control (internet, operating system, application, database, transmission) including personal information privacy data protection.
NEU Management has developed a Business Continuity Plan on how we will respond to events that significantly disrupt our business situations including, but not limited to, power outages, major water leaks, fire, loss of water, severe weather, and any facilities failures that may cause business interruptions. Since the timing and impact of disasters and disruptions is unpredictable for the global logistics business, we will have to be flexible with business partners in responding to actual events as they occur. Our business continuity plan is to quickly recover and resume business operations after a significant business disruption and respond by safeguarding our employees and property, making a financial and operational assessment, protecting the company assets, and allowing our customers to transact business. In short, our business continuity plan is designed to permit our company to resume operations as quickly as possible, given the scope and severity of the significant business disruption. Our business continuity plan addresses annual reviews of the following: data backup and recovery; all mission critical systems; financial and operational assessments; alternative communications with customers, employees, and regulators; alternative physical location of employees; critical supplier, contractor, bank and counter-party impact; regulator reporting; and assuring our customers prompt access to their business operational data. Other business partners with whom we do business are required to maintain business continuity plans also. Along with all proven redundant systems with multiple business continuity rehearsals at NEU, our current IT Infrastructure including MPLS WAN with two IBM data center solutions in VA and Chicago provide an average of 99.99% technical service level ratio results to support NEU business continuity. NEU continues to improve for the worst system disaster scenarios with a new RTO (recovery time objective) target of zero to 24 minutes while RPO (recovery point objective) is zero to 24 seconds. NEU IT cares about our customer business goals. Furthermore, NEU IT makes daily data backup on tapes to store at the Iron Mountain offsite storage per corporate compliance record retention policy. Also our IT capacity planning and on-going monitoring allows to provide adequate system capability for today and future business requirements.
Global Logistic Business System
At the core of our Nippon Express Global Logistic business is a suite of NEX4C “Nippon Express For Customers” applications, most of which have been developed and maintained in-house. NEX4C suite modules consists of globally integrated logistics applications such as Air and Ocean Import and Export, Custom Brokerage, Domestic Truck Service, WMS and EDI, ePelican and Critical Shipment Tracking, Shipment Trace and Tracking, Household Goods, Email and Helpdesk, Finance and Accounting systems. Where appropriate, top-tier vendor packages have been purchased and modified to provide efficient, comprehensive and up-to-date functionality. They provide a standard foundation for all Nippon Express companies worldwide. These application systems are jointly developed across the global IT development centers of Nippon Express to correspond to changes in business requirements in a timely manner. New software releases are distributed and implemented with strict change management procedures to ensure smooth inter-operation between all segments of the global operations.
Global IT Team
To support our global customer requirements, Nippon has four regional IT divisions – Japan, America, Europe and Asia – jointly working together with about 700 IT professionals to support multi-lingual systems and multi-cultural requirements. America region has 51 IT staff (USA 47, Canada 2, Mexico 1 & Brazil 1) and outsourced service providers such as IBM, NTTA, Essex, FNTC, TUSC, Manhattan Associates, Salesforce.Com, CISG, Solving IT and Websense.
Global Trace & Track System
All Nippon Express Global logistic shipment activities can be tracked on-line at different levels by our customers. Customers can see the common milestone statuses of the shipments online including estimated dates, shipped-date, arrived-date, delivered-date, special comments, etc. The current and historical shipment statuses can be inquired online by multiple reference numbers such as airway bill number and shipment number. Other than the shipping addresses, the customer-focused websites does not contain any personally identifiable information (PII) such as social security number, credit card number or drivers license number. A new customer user-id requested by customer via Nippon sales account manager can be created with a system-generated temporary password. Nippon Sales Account Manager will provide the new user-id and password to the customer with a simple how-to-use manual. Customer will be required to change the password at the time of the first-time log-in. Customer will be required to change the password every 45 days to 90 days online depending on the characteristics of the customer and world-wide security situations. Customer user-id is only associated with the customer data where no other customer data will be accessible because of the multiple layers of the Nippon Express IT security controls – Internet SSL Encryption Security, Customer-specific User Account Security, Application Function and Database Intelligent Security, Transaction Code Security, Data DES Encryption Security and Secured Physical Security. Nippon Express Customer-Focused Extranet websites have been designed and controlled under the ISO27001/ISMS compliance standards including application and database security. Upgrades and patches of application and database are managed through the change management process. Database security is also validated by the External Security Auditors periodically.