We formulated the DENSO Group Basic Principles of Information Security in 2003 and have since worked to strengthen data protection and management. We have established the DENSO Group Information Security Standards, which define 142 areas of management based on the globally recognized ISMS*. The standards have been adopted by 45 domestic Group companies and 62 overseas Group bases. To protect information assets and facilitate prompt and proper operations, we also have developed a new policy in fiscal 2008 requiring that security measures take into account not only confidentiality but also integrity and availability (system robustness and resilience). We are currently working to develop such measures that meet this mandate.
*Information Security Management System
Structures and audits
Under the Information Security Management Committee, DENSO Corporation established the Information Security Management Secretariat as a special organizational unit, and assigned security management promotion officers and leaders to each Company department. To promote associated activities, we built a management structure based on international information management system standards (ISO/IEC 27001, etc.), and we are continuously working to enhance our approach through measures that include conducting annual security management audits and self-reviews within DENSO Corporation. Moreover, for part of the domestic Group (hereafter: functional companies), we are introducing management systems equivalent to the system at DENSO Corporation as we implement annual monitoring surveys to ascertain actual conditions at these functional companies.
Also, we are expanding the scope of our shared guidelines to include domestic and overseas Group companies with the exception of these functional companies and pursuing regular follow-up activities. We are reviewing our shared guidelines, in particular, so that we can make detailed evaluations according to the type of business, business formats and the information that we hold.
Security control structure
Approach to information security initiatives
High management awareness on the part of individual associates is the foundation of information security. DENSO Corporation implements such security measures as restricting the removal of computers from DENSO facilities to units provided specifically for that purpose, tightening access to shared servers and placing restrictions on the use of recordable media. At the same time, it promotes various enlightenment activities for associates.
Prompted by an incident in February 2007 involving the theft by a DENSO technician of a PC containing design drawing data, every March we hold Security Management Month during which time we intensively implement enlightenment activities.
|Associate education||Training for managers, new associates’ training and training by employment level|
|Security Management Month||Security management education programs, inspections of computers and recordable media taken out of DENSO facilities, security management audits and e-learning (from 2009) on information security for all associates with computers, etc.|
Activities in fiscal 2013
Besides activities carried out to the present, in associate enlightenment activities, DENSO Corporation held normal training for managers, new associates’ training and training by employment level. Additionally, in March 2013 DENSO Corporation held training for all departmental security management officers, in which we requested that they redouble their efforts to adhere to the special measures and confirm that these measures are firmly established. Also, we commenced monitoring for information management of outside staff (temporary associates, associates from contract companies) and suppliers.
In fiscal 2013, there were no incidents or accidents involving the unauthorized disclosure of information.
In the future, the information security circumstances surrounding DENSO are expected to change and we will continually review and strengthen our information management structure in response to the changing environment.