To prevent the leakage or divulgence of information that is important to companies, such as business, technological information, and personal information, whether in digital or paper form, the Hitachi High-Tech Group has implemented a range of measures and is working to strengthen information security.
As the Group is aware that efforts to maintain information security are a high priority, we have developed regulations and organizations to facilitate such efforts, as well as ensuring awareness among all employees. The Information Security Committee was established as an organization to promote information security management systems. It is conducting a range of activities in accordance with the "3 Principles to Prevent Leakage of Confidential Information" as a united company, from management through to regular employees.
Three Principles to Prevent Leakage of Confidential Information
- As a rule, it is forbidden to take confidential information outside the company.
- Approval must always be given by a superior before confidential information is taken outside the company due to business necessity.
- If confidential information is taken outside the company due to business necessity, measures must be implemented to avoid leakage of information.
Information Security System
The Information Security Committee was established as an organization to control information security of the whole company under the direction of the Information Security Administrator appointed by the President. In addition, under the direction of each manager, we are expanding security incident responses, alerts, and security strengthening measures throughout the company and Group.
Outline of Information Security Measures
We implement various measures for the prevention of information leaks, and are striving to strengthen information security through ongoing improvement by providing education and auditing to ensure that each employee is mindful of information security when carrying out everyday duties.
1. Measures to prevent information leaks when information devices are lost or stolen
- Computers: Hard disk passwords and encryption
- Mobile phones: device passwords, remote memory erasure, identification of location using GPS
2. Strengthening monitoring of leakage of important information
- Files: Managing file access according to the importance of the data, checking records of files being taken out of the company, monitoring the taking out of important information from the company
- E-mail: Restricting the sending of mail containing confidential information outside the company, restricting sending to multiple "To" and "Cc"“ addresses (prevention of leakage and spreading of mail recipient’s information), introducing tools that prevent the mistaken sending of messages by checking the address before sending
3. Preventing virus infection
- Restricting use of USB memory sticks (control of writing and other such measures)
- Introducing EDR (endpoint detection & response) tools
- Standardizing anti-virus software used at domestic Group companies
Results of Activities in FY2020
- Information security promotion meetings (explanation of measures, alerts, education) were held, with general managers of information security from the company’s business management divisions and domestic Group companies attending (June and October)
- All officers and employees of the company and domestic Group companies were surveyed to confirm that their personally owned information devices contain no business information (September-November)
- Education (e-Learning) on information security was provided to all officers and employees of the company and domestic Group companies (September–October)
- Self-auditing of information security related to the management status of personal information protection, confidential information, and information security (IT-related) was carried out in all departments of the company and domestic Group companies (November–March)
- A survey on the management status of prevention of leaks of information from trading partners was implemented (November–March)
- Spam mail response drills were implemented twice for all officers and employees of the company and domestic Group companies (September and February)