We formulated the DENSO Group Basic Principles of Information Security in 2003 and have since worked to strengthen data protection and management. We have established the DENSO Group Information Security Standards, which define 142 areas of management based on the globally recognized ISMS*. The standards have been adopted by 56 domestic Group companies and 76 overseas Group bases. To protect information assets and facilitate prompt and proper operations, we also developed a new policy in fiscal 2008 requiring that security measures take into account not only confidentiality but also integrity and availability (system robustness and resilience). We are currently working to develop measures that meet this mandate.
*Information Security Management System
DENSO Group Basic Principles of Information Security (outline)
All DENSO Group companies must build and continuously improve a world-class information security system in order to provide suitable protection for the information assets that serve as a valuable management resource for each company and actively utilize those assets.
DENSO Group companies must implement the following measures in order to fulfill the vision described above:
- Assessment of the risks inherent in information assets (assessment of risk types and reduction levels)
- Implementation of information security measures (development, documentation and dissemination of methods)
- Building of a management system (shared responsibilities and roles of departments, establishment of audit section and separation of authority)
- Explicit articulation of management processes (evaluation of risks, development of countermeasures, education, auditing, understanding exceptions and ongoing improvements)
Structures and audits
Under the Information Security Control Improvement Division, we established responsible persons for information security and the Security Control Secretariat as special organizational units, and we assigned security management promotion officers and leaders to each Company department. To promote associated activities, we built a management structure based on international information management system standards (ISO/IEC 27001, etc.), and we are continuously working to enhance our approach by conducting annual security management audits, self-reviews and a monitoring survey to assess circumstances at Group companies. We are also expanding the scope of our shared guidelines to include domestic and overseas Group companies and pursuing regular follow-up activities. We are reviewing our shared guidelines, in particular, so that we can make detailed evaluations according to the type of business, business formats and the information that we hold.
In addition, we took the awareness generated by the theft of a computer containing design drawing files by a DENSO technician in February 2007 as an opportunity to enhance security, and we designated March of every year as Security Management Month in order to carry out focused awareness-raising activities.
Security control structure
Approach to information security initiatives
Fiscal 2012 activities
DENSO Corporation continued to undertake a number of measures in fiscal 2012 that included restricting the removal of computers from DENSO facilities to units provided specifically for that purpose, tightening access to shared servers and placing restrictions on the use of recordable media.
During Security Management Month, we conducted security management education programs, inspections of computers and recordable media taken out of DENSO facilities and security management audits. We also sought to augment our normal training for managers, new associates’ training and training by associate level. We have been conducting e-learning on information security for all associates with computers since fiscal 2010. In addition, we held briefing sessions in February 2012 for all departmental security management officers, in which we requested that they redouble their efforts to adhere to the special measures and confirm the establishment of these measures.
Because high management awareness on the part of individual associates is the foundation of information security, we will continue to focus on enhancing information management skills among outside staff (temporary associates, contract workers) and suppliers, responding appropriately to incidents and accidents (clarification of punitive rules and regulations), promoting regular inventory of confidential information and expanding awareness-raising activities for associates. There were no incidents or accidents in fiscal 2012 involving the unauthorized disclosure of information.