Information Security Policy | TAIYO YUDEN CO., LTD.

TAIYO YUDEN Group Information Security Policy

Based on its mission and management philosophy, TAIYO YUDEN Group appropriately manages information assets entrusted by its customers and business partners and information assets held by TAIYO YUDEN Group, recognizes that the maintenance and improvement of information security is one of its major business challenges, has established the following policy and will continue to take measures for information security.

1. Compliance: TAIYO YUDEN Group shall comply with laws, regulations, contractual requirements and other rules in respective countries and regions.
2. Improvement of management quality for business growth: TAIYO YUDEN Group shall enhance its information security in order to improve its management quality for business growth and increase its social value as a corporation.
3.Appropriate management of information assets: TAIYO YUDEN Group shall appropriately manage important information assets containing personal information, customer information, and trade secret information in order to protect the rights and interests of all stakeholders.
4. Response to information security incidents: In the event of a security problem with information assets, TAIYO YUDEN Group shall promptly conduct an investigation into the cause of the problem, minimize the damage and endeavor to prevent recurrence in order to secure business continuity.
5. Continuous improvement of information security: TAIYO YUDEN Group shall continuously endeavor to improve its information security through the establishment of a management system, as well as goal setting for resolution of information security issues, implementation of various measures, verification of their effectiveness, and carrying out of improvement activities.

Established on July 1, 2023
Officer in charge of Information Security

Basic Approach

Taiyo Yuden Group has established a global information security management system and conducts activities under the Information Security Policy to maintain and improve information security.

System

Taiyo Yuden Group has established and implemented an information security management system to realize the Information Security Policy.
We have established an Information Security Committee as a subordinate organization of the Sustainability Committee to deliberate on measures and directions related to information security for maintaining and improving information security in our group.
In addition, the Information Systems HQ Department leads the information security management for the entire Group, and information security managers and officers assigned to each department and Group company promote information security activities in each organization.

Information Security Certification

Since 2023, Taiyo Yuden Group has been pursuing ISO27001 certification, an international standard for information security certification, for the following three purposes:

Reduction of information security risks
Improvement of operational efficiency through organization of work and procedures and establishment of rules
Improvement of external reliability regarding information security

In fiscal 2023, we obtained ISO27001 certification for multiple departments at the Takasaki Global Center. We are also pursuing certification at other locations.

Our Initiatives

Our Group implements information security measures from organizational, human, physical, and technical perspectives.

Organizational and Human Measures: Our Group has established Group regulations related to information security and aims to improve information security literacy through internal education.
We conduct education at the time of joining the company, regular education for all employees, role-specific education, and training for responding to suspicious emails and incidents.
Physical Measures: Our Group designates areas that require high confidentiality, such as server rooms and production processes, and implements heightened security levels and entry/exit management.
Technical Measures: Our Group implements multi-layered defense against cyber attacks, including malware countermeasures, vulnerability countermeasures, and network security countermeasures, as well as confidential information protection measures through access rights management and encryption.