HENNGE One is Introduced at the Time of Email Audit System Renewal
Strengthening Email Security and Improving Operational Efficiency for Approximately 9,000 Employees
Toyota Auto Body Corporation is a complete vehicle manufacturer that handles Toyota vehicles from development to production. The company plans, develops, and produces popular models of minivans, SUVs, and commercial vehicles, including the Alphard, Hiace, and Land Cruiser. The company introduced HENNGE One to replace the email auditing system it had used for many years. The new system improved the convenience of employees’ e-mail operations and strengthened e-mail security.
We interviewed three members of the Risk Management Office of the General Planning Department, who were instrumental in the implementation.
The decision to implement HENNGE One was made when the aging e-mail audit system was upgraded.
— Could you tell us about the background of your efforts to revamp e-mail security and the issues you faced with e-mail in the past?
The email audit system that we have been using for the past 10 years has become obsolete, and the maintenance deadline for our on-premise server is approaching, so it was time to renew the system.
Our previous e-mail audit system was primarily used to prevent accidental transmission when sending e-mail outside the company. The system was very time-consuming, requiring the user to put a hold on the message when sending it, receive the sent message, open it, check the check items, and send it again. In addition, there is a rule that the e-mail must be sent with the superior’s name in the CC, and many managers have voiced that it takes time just to look at the e-mail received in the CC, and there was a desire to improve the system.
The system for preventing erroneous transmissions was only a self-checking and approval system, which was not a proper way to conduct an audit. We wanted to take this opportunity to change to a more secure and convenient system, and when HENNGE approached us, we began a full-scale study.
— What were your requirements for the study and what made you decide to use HENNGE One?
First of all, it was important that the functions of the e-mail audit system we currently use be made more convenient and that the system be easy for our employees to use. We have 9,200 employees with e-mail accounts out of our 13,000 employees, so if the system is too complicated to operate and we receive more inquiries, we will not be able to handle them. In addition, we had been sending attachments using the PPAP method, in which a ZIP file with a password and the password are sent separately, but we wanted to break away from PPAP at this time.
We also wanted a secure mechanism for sending large files. We have many opportunities to send large files to our overseas offices, and many of them contain highly confidential information, so secure sharing was essential. Until now, we had to apply in advance to use a separate data sharing site and have access rights set, which was very inconvenient.
The following month after we started considering the possibility of using HENNGE, we had a demonstration at our company to confirm the functions and operational feel of the system. As a result, we decided to use HENNGE One because, first of all, the operation is easy for anyone to understand. In addition, it has functionality that meets all of our requirements, such as preventing erroneous transmissions, eliminating PPPAP, and large file attachments. The fact that the system has been used by our subsidiaries and the Toyota Group for many years gave us a sense of security, which was a big support for us.
— What appealed to you when you made your offer?
Naturally, cost-effectiveness is a key requirement when introducing a system, but the man-hours required by the operators and users to set up the system are often overlooked. In addition to making it easier to focus on the core business, the value of HENNGE One is that it can lead to the correct form of e-mail security, rather than the self-auditing and self-approval based on the conventional good faith theory.
Smooth implementation and internal deployment
— Did you encounter any difficulties in implementation and internal deployment?
When introducing the system, it took some time to take over the rules and white lists and other exclusion settings of the e-mail audit system we had been using, because we were not sure about the past history of the system, Thanks to the flexible support we received in the face of repeated specification changes, we were able to proceed as planned. In the case of conventional system construction, it is necessary to go through various processes such as planning, requirements study, design, etc., and it seems to take a long time anyway, but HENNGE One is a cloud service, so we were able to start using it smoothly in a short time.
For the internal deployment, we held several online lectures for the IT staff in each department to explain the main purpose of the system and how to operate it, and then each department deployed the system. There was not much that was unclear about how to operate the system, and the extensive procedures and manuals published by HENNGE were very helpful. Although part of the migration from the old system fell during the year-end period, we were grateful that HENNGE’s support team was able to assist us as usual.
Reduction of e-mail-related man-hours and improvement of operational efficiency
Realized benefits such as being able to focus on core business
— How do you feel about the effects after the introduction of HENNGE One ?
The introduction of HENNGE One enabled us to take measures to ensure the prevention of misdirects, and we were able to make the decision to change the self-approval process of our previous e-mail auditing system. Until now, it took several minutes to send one e-mail, so in terms of man-hours for 9,200 people, this is a very significant improvement in operational efficiency. In addition, we were able to eliminate PPAP while enhancing convenience, so we believe the change was cost-effective in terms of convenience and security.
In addition, we use Microsoft 365’s Exchange Online for sending and receiving e-mail, which has backup as a standard feature, but when we wanted to go back to our e-mail history for HR or accounting-related evidence, the search function was difficult to use, and it took time to check the archived e-mails. With the HENNGE Email Archive, searching through the email archive has become much easier and faster.
The elimination of the rule of cc’ing superiors has been well received by managers, who are no longer bothered by the large number of cc’d e-mails and can focus more on their core business. In addition, sending large files such as videos to overseas offices has also become much more convenient, as it is no longer necessary to submit applications in advance, as was the case in the past, and can be completed within each individual account.
The employees’ reaction to the new system is that it has more functions and is more convenient than the previous system, and they have accepted it more readily and without resistance than we expected. BCC, which used to be prohibited in principle and required prior application to prevent abuse, can now be used, and the department sending exhibition questionnaires, etc., has responded favorably that the lead time has been shortened. When we first started using the system, we had the impression that there were many questions about how to operate the system from the other end, but this calmed down after a few months, and the system is now widely used without any inquiries. The operation of the management screen is intuitive and easy to understand, and it is easy to deal with requests for exception handling and other settings, as well as confirmation that mail has been received.
We will continue to promote the strengthening of security and risk management through the use of IT and digital technology.
Enhancing Security and Risk Management through IT and Digital Applications
— Finally, what are your thoughts on the future?
The introduction of HENNGE One has resolved various issues related to e-mail security, which had long been a concern. In the future, we would like to consider the common use of access control and login authentication for IDaaS, which we have not yet started using.
Risk management is an urgent issue in the automotive industry, and the use of IT and digital technology is essential to achieving this. In January 2024, we restructured our organization so that the Risk Management Office, which is in charge of internal control, governance, and compliance, and the Digital Reformation Department, which is in charge of IT and digital utilization, can work together to respond to various changes in the environment. We will continue our efforts to strengthen security, including the prevention of information leaks, and to enhance supply chain collaboration.