Security Control / Information Security
Information Security Policy
We regard all of our own information assets as one of our management resources. Through the proper protection and effective use of our information assets, we pursue healthy maintenance and development of our business.
- We establish rules that clearly define the system and responsibilities for the protection and management of all the information assets including the information we keep for our customers, the know-how and intellectual properties owned by our Group, and personal information.
- We comply with laws, ordinances, and regulations regarding information security.
- We educate all executives and employees who handle information assets about the importance of information security, and about specific items to be observed.
- We continuously update the information infrastructure for the maintenance and improvement of the confidentiality and stability of all the information assets.
- We promote measures to prevent accidents in order to address the risks of information leakage associated with the continuous advancement and sophistication of information technology. Should an accident occur, we will strive to minimize the damage and take preventive measures against recurrence.
We have established the Group Information Security Regulations and Confidentiality Management Regulations, striving for the appropriate management and operation of confidential information — including company group information and personal information of customers and suppliers.
Along with strengthening the protection of personal information in recent years, we have established internal regulations to ensure the thorough protection, management, and handling of personal information of customers, employees, and others.
Conducting Continuous Security Measures
We are continuously handling the risk of threats to corporations and organizations dealing with information securities.
Furthermore, with the increase of the damages caused by recent cyber security attacks, we have established a team called CSIRIT (Computer Security Incident Response Team) in order to respond to the information security incident. We are working to improve our security measures through not only proactive defense but also follow-up measures.
Carrying Out Periodic Inspections Related to Confidentiality Management
Based on the confidentiality management rules we established, the Confidentiality Management Committee performs annual company-wide inspections of the status of confidentiality management.
For the inspections, we have adopted a method of carrying out mutual interdivisional inspections in addition to updating the self-checks carried out in the past in accordance with recent advancements.
Furthermore, we have not only established rules for confidential information handled in-house, but also rules to prevent leaks of confidential information taken outside the company, including procedures for the use of mobile PCs and cloud service, and we have confirmed compliance with these rules.