太阳诱电集团信息安全方针
基于本公司的使命和经营理念,妥善地管理客户和业务合作伙伴提供的信息资产和本公司持有的信息资产,并致力于维持和提高信息安全水平,太阳诱电集团(以下称为“本公司”)将其视为重要的经营课题之一,制定以下方针,采取持续性的信息安全措施。
- 1. 遵守法令
- 遵守各个国家和地区的法令、法规、合同要求以及其他规范。
- 2. 提高支撑事业发展的经营质量
- 通过强化信息安全,提高支撑事业发展的经营质量,提升企业的社会价值。
- 3.妥善管理信息资产
- 妥善管理包括个人信息、客户信息和营业机密信息的重要信息资产,保护所有利益相关者的权利和利益。
- 4. 针对信息安全事故的应对
- 当发生信息资产方面的安全问题时,迅速查明其原因,将其损失降至最低,并努力防止再次发生,确保事业的可持续性。
- 5. 持续改善信息安全
- 通过建立管理体系,设定有助于解决信息安全相关课题的目标、实施各种措施、确认有效性、开展改善活动,致力于持续改善信息安全。
2023年7月1日 制定
信息安全负责董事
Basic Approach
Taiyo Yuden Group has established a global information security management system and conducts activities under the Information Security Policy to maintain and improve information security.
System
Taiyo Yuden Group has established and implemented an information security management system to realize the Information Security Policy.
We have established an Information Security Committee as a subordinate organization of the Sustainability Committee to deliberate on measures and directions related to information security for maintaining and improving information security in our group.
In addition, the Information Systems HQ Department leads the information security management for the entire Group, and information security managers and officers assigned to each department and Group company promote information security activities in each organization.
Information Security Certification
Since 2023, Taiyo Yuden Group has been pursuing ISO27001 certification, an international standard for information security certification, for the following three purposes:
-
Reduction of information security risks
-
Improvement of operational efficiency through organization of work and procedures and establishment of rules
-
Improvement of external reliability regarding information security
In fiscal 2023, we obtained ISO27001 certification for multiple departments at the Takasaki Global Center. We are also pursuing certification at other locations.
Our Initiatives
Our Group implements information security measures from organizational, human, physical, and technical perspectives.
- Organizational and Human Measures
- Our Group has established Group regulations related to information security and aims to improve information security literacy through internal education.
We conduct education at the time of joining the company, regular education for all employees, role-specific education, and training for responding to suspicious emails and incidents. - Physical Measures
- Our Group designates areas that require high confidentiality, such as server rooms and production processes, and implements heightened security levels and entry/exit management.
- Technical Measures
- Our Group implements multi-layered defense against cyber attacks, including malware countermeasures, vulnerability countermeasures, and network security countermeasures, as well as confidential information protection measures through access rights management and encryption.