Information Security

Information Security Efforts

The Kyocera Group recognizes the importance of information resources and aims to strengthen information security. To serve as a trusted member of society, Kyocera has established the Basic Information Security Policy, which defines Kyocera's information security objectives, measures, and action guidelines. Through promoting this policy, we continuously strive to prevent and reduce information security risks.

Basic Information Security Policy

With the expansion of cyberspace, the Kyocera Group continues to strive to understand the importance of all its information assets and to strengthen the handling of those assets. To respond to the trust of society as a whole, including our customers, business partners, investors, employees, and other stakeholders, we have established a basic information security policy, and declare that we will carry out our business in accordance with this policy.

Purpose

The purpose of the basic policy is to establish basic rules regarding information security measures to be implemented by the Kyocera Group in order to maintain the confidentiality, integrity, and availability of the information assets held by the Kyocera Group.

Scope of application

This basic policy applies to information assets (including personal information) related to all business activities managed by the Kyocera Group.

Information security management system

To protect and appropriately manage information assets, the Kyocera Group has established the Information Security Committee, and the Chief Information Security Officer is responsible for overall information security management.

Compliance with laws and contractual requirements

The Kyocera Group regularly investigates information security requirements, and strictly follows the various laws and regulations of each country, the guidelines and norms of each country, and industry standards and our contractual obligations with business partners.

Education and training for employees

The Kyocera Group understands our social responsibility with regard to appropriately handling information assets, and provides constant education and training that are necessary for employees to appropriately use and manage information assets.

Implementation of measures

The Kyocera Group will endeavor to prevent the occurrence of information security incidents by implementing information security measures against external attacks and threats of internal fraud. These measures will be appropriate to the type of information asset. In the event of a violation of laws or regulations, breach of contract, or an incident related to information security, we will immediately and appropriately resolve the situation and implement recurrence preventive measures.

Regular evaluation and continuous improvement

To respond to changes in the business environment and social conditions while maintaining information security, the Kyocera Group will regularly evaluate our information security management system and the implementation status, and continuously formulate and implement improvement plans.


July 1st, 2022
Goro Yamaguchi, Chairman of the Board and Representative Director
Hideo Tanimoto, President and Representative Director
Kyocera Corporation

Governance System

The Kyocera Group has established an information security governance system, which is led by the president to promote measures.

Image: Governance System

Implementation of Information Security Training

The Kyocera Group conducts information security training based on its Information Security Training Regulations. In order to raise awareness about information security and inform employees of their responsibilities, specialized training relating to the maintenance and management of information security is provided, in addition to annual training for new employees, general training for all employees, and training for managers.

Information Security Training Materials

Procedures and Countermeasures in the Event of an Emergency

According to the Information Security Incident Management Regulations, an “incident” is defined as "a situation that threatens business operations or information security as a result of an undesired or unexpected occurrence or accident related to information security." These regulations also state the measures to be taken in the event of an incident and procedures for subsequent management.

Status of Vulnerability Countermeasures

Kyocera performs vulnerability diagnoses on public servers at least once a year. Also, we work to prevent security incidents by constantly collecting and spreading the latest vulnerability and security information from around the world through the CSIRT.

Kyocera Joins the Nippon CSIRT Association

In January 2021, Kyocera officially joined the Nippon CSIRT Association. Through the activities of this council, we will strive to improve the security level of the entire Kyocera Group by sharing security incidents and vulnerability information with other member companies.

Nippon CSIRT Association

・Official name of the team: KYOCERA Security Incident Response Team

・Team abbreviation: KC-SIRT

・Organization name: KYOCERA Corporation

Public Announcement of Security Incidents

Security incidents at our company are publicly announced on our company website.

March 10, 2023 Suspected information leakage due to unauthorized access to Fujitsu Limited FENICS Internet Service

June 1, 2023 Regarding the Cybersecurity Incident at the U.S. Subsidiary

Efforts to Protect Personal Information

Personal Information Protection Management System

The Kyocera Group regards the personal information obtained from stakeholders through business activities as important private information and strives to protect it thoroughly as a primary social responsibility. Kyocera has set up rules to protect specific personal information, clarified personal information usage purposes, set up a dedicated contact for inquiries, and provides regular education to employees handling private information, thereby ensuring thorough management. Also, regulations for Personal Information Protection have been established for employees to establish basic matters regarding the safeguarding of personal information, including a code of conduct for employees who handle personal information and the use of personal information management ledgers to monitor the management status of personal information centrally. Kyocera strives to ensure correct handling of personal information to maintain society's trust by preventing personal information from being compromised. These Personal Information Protection Management Regulations require employees to take necessary measures such as contacting related divisions, preventing the spread of damage, and carrying out investigations if personal information is leaked. Cases such as the leakage of personal details are incorporated into Kyocera's risk management policy by establishing the Kyocera Group Information Security Incident Management Regulations. The Personal Information Protection Management Regulations also stipulate that employees may be subject to disciplinary action if personal information is compromised. Kyocera strives to disseminate its Personal Information Protection Policy and Personal Information Protection Management Regulations within the company and enhance its effectiveness through regular training, surveys, and audits.

Photo: Personal Information Protection Management Regulations

Communication System on Personal Information

Communication system on personal information