Information Security

• President's Message
• DENSO Group Declaration of Corporate Behavior
• Corporate Governance
• Compliance
• Risk Management
• Information Security

Basic stance

We recognize that technology, information and the personal data of customers and employees are valuable assets. Based on this understanding, we formulated the DENSO Group Basic Principles of Information Security in 2003 and have since worked to strengthen data protection and management. We have established the DENSO Group Information Security Standards, which define 142 areas of management based on the globally recognized ISMS*. The standards have been adopted by 56 domestic Group companies and 77 overseas Group bases. To protect information assets and facilitate prompt and proper operations, we also have developed a new policy in fiscal 2008 requiring that security measures take into account not only confidentiality but also integrity and availability (system robustness and resilience). We are currently working to develop such measures that meet this mandate.

* Information Security Management System

DENSO Group Basic Principles of Information Security (outline)

Vision

All DENSO Group companies must build and continuously improve a world-class information security system in order to provide suitable protection for the information assets that serve as a valuable management resource for each company and actively utilize those assets.

Company initiatives

DENSO Group companies must implement the following measures in order to fulfill the vision described above:

1. Assessment of the risks inherent in information assets (assessment of risk types and reduction levels)
2. Implementation of information security measures (development, documentation and dissemination of methods)
3. Building of a management system (shared responsibilities and roles of departments, establishment of audit section and separation of authority)
4. Explicit articulation of management processes (evaluation of risks, development of countermeasures, education, auditing, understanding exceptions and ongoing improvements)

Structures and audits

Under the Information Security Control Improvement Division, we established responsible persons for information security and the Security Control Secretariat as special organizational units, and we assigned security management promotion officers and leaders to each Company department. To promote associated activities, we built a management structure based on international information management system standards (ISO/IEC 27001, etc.), and we are continuously working to enhance our approach by conducting annual security management audits, self-reviews and a monitoring survey to assess circumstances at Group companies. We are also expanding the scope of our shared guidelines to include domestic and overseas Group companies and pursuing regular follow-up activities. Taking the awareness generated by the theft of a computer containing design drawing files by a DENSO technician in February 2007 as an opportunity to enhance security, we set the month following February 14 (Security Management Day) as Security Management Month in order to carry out awareness-raising activities in a focused manner.

Security control structure

Fiscal 2010 activities

To enhance computer security, in fiscal 2008 DENSO Corporation undertook a number of measures that included instituting the use of chain locks and deploying a sophisticated encryption tool, along with efforts to expand such measures to encompass all Group companies. We also continuously restricted the removal of computers from DENSO facilities to units provided specifically for that purpose, tightened access to shared servers and placed restrictions on the use of recordable media in fiscal 2010.

During Security Management Month, we conducted security management education programs, inspections of computers and recordable media taken out of DENSO facilities and security management audits. Moreover, we also sought to augment our normal training for managers, new employees training and training by employment level. We have been conducting e-learning on information security for all employees with computers since fiscal 2010. In addition, we held briefing sessions in March 2010 for all departmental security management officers, where we requested that they redouble their efforts to adhere to the special measures and confirm the establishment of these measures.

Because high management awareness on the part of individual employees is the foundation of information security, we will continue to focus on enhancing information management skills among outside staff (dispatched employees, contract workers) and suppliers, responding appropriately to incidents and accidents (clarification of punitive rules and regulations), promoting regular inventory of confidential information and expanding awareness-raising activities for employees.

There were no incidents or accidents in fiscal 2010 involving the unauthorized disclosure of information.