Information Security Efforts
The Kyocera Group recognizes the importance of information resources and aims to strengthen information security. To serve as a trusted member of society, Kyocera has established the Basic Information Security Policy, which defines Kyocera's information security objectives, measures, and action guidelines. Through promoting this policy, we continuously strive to prevent and reduce information security risks.
Basic Information Security Policy
With the expansion of cyberspace, the Kyocera Group continues to strive to understand the importance of all its information assets and to strengthen the handling of those assets. To respond to the trust of society as a whole, including our customers, business partners, investors, employees, and other stakeholders, we have established a basic information security policy, and declare that we will carry out our business in accordance with this policy.
The purpose of the basic policy is to establish basic rules regarding information security measures to be implemented by the Kyocera Group in order to maintain the confidentiality, integrity, and availability of the information assets held by the Kyocera Group.
Scope of application
This basic policy applies to information assets (including personal information) related to all business activities managed by the Kyocera Group.
Information security management system
To protect and appropriately manage information assets, the Kyocera Group has established the Information Security Committee, and the Chief Information Security Officer is responsible for overall information security management.
Compliance with laws and contractual requirements
The Kyocera Group regularly investigates information security requirements, and strictly follows the various laws and regulations of each country, the guidelines and norms of each country, and industry standards and our contractual obligations with business partners.
Education and training for employees
The Kyocera Group understands our social responsibility with regard to appropriately handling information assets, and provides constant education and training that are necessary for employees to appropriately use and manage information assets.
Implementation of measures
The Kyocera Group will endeavor to prevent the occurrence of information security incidents by implementing information security measures against external attacks and threats of internal fraud. These measures will be appropriate to the type of information asset. In the event of a violation of laws or regulations, breach of contract, or an incident related to information security, we will immediately and appropriately resolve the situation and implement recurrence preventive measures.
Regular evaluation and continuous improvement
To respond to changes in the business environment and social conditions while maintaining information security, the Kyocera Group will regularly evaluate our information security management system and the implementation status, and continuously formulate and implement improvement plans.
July 1st, 2022
Goro Yamaguchi, Chairman of the Board and Representative Director
Hideo Tanimoto, President and Representative Director
ISO27001Certificate of Registration
Kyocera Group (Japan)
Implementation of Information Security Training
The Kyocera Group conducts information security training based on its Information Security Training Regulations. In order to raise awareness about information security and inform employees of their responsibilities, specialized training relating to the maintenance and management of information security is provided, in addition to annual training for new employees, general training for all employees, and training for managers and supervisors.
Procedures and Countermeasures in the Event of an Emergency
According to the Information Security Incident Management Regulations, an “incident” is defined as "a situation that threatens business operations or information security as a result of an undesired or unexpected occurrence or accident related to information security." These regulations also state the measures to be taken in the event of an incident and procedures for subsequent management.
Status of Vulnerability Countermeasures
Kyocera performs vulnerability diagnoses on public servers at least once a year. Also, we work to prevent security incidents by constantly collecting and spreading the latest vulnerability and security information from around the world through the CSIRT.
Kyocera Joins the Nippon CSIRT Association
In January 2021, Kyocera officially joined the Nippon CSIRT Association. Through the activities of this council, we will strive to improve the security level of the entire Kyocera Group by sharing security incidents and vulnerability information with other member companies.
●Nippon CSIRT Association
・Official name of the team：KYOCERA Security Incident Response Team.
・Organization name：KYOCERA Corporation
Public Announcement of Security Incidents
On October 16, 2020, a suspected information leak resulting from the Emotet malware was announced on the Kyocera website.
● Apology and notification regarding the possibility of suspicious emails impersonating Kyocera and leakage of personal information
Efforts to Protect Personal Information
Personal Information Protection Management System
The Kyocera Group regards the personal information obtained from stakeholders through business activities as important private information and strives to protect it thoroughly as a primary social responsibility. Kyocera has set up rules to protect specific personal information, clarified personal information usage purposes, set up a dedicated contact for inquiries, and provides regular education to employees handling private information, thereby ensuring thorough management. Also, regulations for Personal Information Protection have been established for employees to establish basic matters regarding the safeguarding of personal information, including a code of conduct for employees who handle personal information and the use of personal information management ledgers to monitor the management status of personal information centrally. Kyocera strives to ensure correct handling of personal information to maintain society's trust by preventing personal information from being compromised. These Personal Information Protection Management Regulations require employees to take necessary measures such as contacting related divisions, preventing the spread of damage, and carrying out investigations if personal information is leaked. Cases such as the leakage of personal details are incorporated into Kyocera's risk management policy by establishing the Kyocera Group Information Security Incident Management Regulations. The Personal Information Protection Management Regulations also stipulate that employees may be subject to disciplinary action if personal information is compromised. Kyocera strives to disseminate its Personal Information Protection Policy and Personal Information Protection Management Regulations within the company and enhance its effectiveness through regular training, surveys, and audits.
Communication System on Personal Information
- Top Management Message
- Kyocera Group's Value Creation Model
- Sustainability Management
- Priority Issues
- Kyocera Group CSR Guidelines
- Environmental Safety Policy / Targets and Promotion System
- Climate Change Scenarios
- Measures to Fight Climate Change
- Water Risk Response
- Recycling Activities
- Initiatives to Prevent Environmental Pollution
- Conservation of Biodiversity
- Environmentally Friendly Products / Green Procurement
- Environmental Communication
- A History of Our Environmental Protection Activities
- Developing Human Resources with Diverse Skillsets
- Respect for Human Rights
- Promoting Diversity and Inclusion
- Occupational Safety
- Occupational Health, Safety, and Fitness Initiatives
- Supply Chain Management
- Approaches to Raising Quality and Customer Satisfaction Levels
- Social Contribution Activities
- Academic Advancement and Research
- Support for Culture and the Arts
- International Exchanges and Collaboration
- Environmental Protection Activities
- Local Community Activities
- Contributions to Society through Business Activities