Information Security

Information Security Efforts

Kyocera has established an Information Security Management Policy for the entire Kyocera Group based on our recognition that the company’s management strategies, product development, expertise, technology, organization, personnel information, and related information constitute important assets. The company President serves as Chief Officer of the information security management system.

Information Security Management Policy

The Information Security Management Policy facilitates effective use of information assets held by the Kyocera Group. It is intended to contribute to the group's management by establishing fundamental matters to be observed and ensuring that information is properly protected. In addition to governing such matters as management systems to ensure information security, the handling of confidential information, and emergency response plans, this policy sets up sanctions for dealing with violations of internal security regulations.

Information Security Management System

Based on our Information Security Management Policy, Kyocera has formulated rules to govern Classified Information Management, Personal Information Protection, Intellectual Property Management, Technological Know-how Leak Prevention, Physical Security Management, and Visitor Management. In addition, to ensure thorough information security, the company has adopted Personnel Security Regulations for managing classified information, intellectual property, physical security, visitors, and personnel security. The Kyocera Group has established an Information Security Committee and a Digital Information Security Committee.

The group has also established a Risk Management and Compliance Conference and an Electronic Information Security Committee. These committees implement various digital security measures, including periodic training sessions specific to employee job functions or duties, restrictions on taking information-related devices outside the company, measures to prevent information asset leaks, comprehensive management of IT assets, and security measures against cyberattacks. Group companies outside of Japan also strengthen information security based on their information security management guidelines and regulations, respecting the national laws, business practices, cultures, and business types of each local region.

As part of our efforts to prevent increasingly sophisticated security threats and strengthen the group's ability to respond to an incident, an organization to promote activities relating to the Computer Security Incident Response Team (CSIRT) was launched in April 2020.

Implementation of Information Security Training

The Kyocera Group conducts information security training based on its Information Security Training Regulations. In order to raise awareness about information security and inform employees of their responsibilities, specialized training relating to the maintenance and management of information security is provided, in addition to annual training for new employees, general training for all employees, and training for managers and supervisors.

Information Security Training Materials

Procedures and Countermeasures in the Event of an Emergency

According to the Information Security Incident Management Regulations, an “incident” is defined as "a situation that threatens business operations or information security as a result of an undesired or unexpected occurrence or accident related to information security." These regulations also state the measures to be taken in the event of an incident and procedures for subsequent management.

Status of Vulnerability Countermeasures

Kyocera regularly performs vulnerability diagnoses on public servers. We also work to prevent security incidents by continuously collecting and disseminating the latest vulnerability and security information from around the world through the CSIRT.

Public Announcement of Security Incidents

On October 16, 2020, a suspected information leak resulting from the Emotet malware was announced on the Kyocera website.

Apology and notification regarding the possibility of suspicious emails impersonating Kyocera and leakage of personal information

Efforts to Protect Personal Information

Personal Information Protection Management System

The Kyocera Group regards the personal information obtained from stakeholders through business activities as important private information and strives to protect it thoroughly as a primary social responsibility. Kyocera has set up rules to protect specific personal information, clarified the purposes for which personal information is used, set up a dedicated contact for inquiries, and provides regular education to employees handling private information, thereby ensuring thorough management.

Regulations for Personal Information Protection have also been established for employees, setting out basic matters regarding the safeguarding of personal information, including a code of conduct for employees who handle personal information and the use of personal information management ledgers to monitor the management status of personal information centrally. Kyocera strives to ensure correct handling of personal information to maintain society's trust by preventing personal information from being compromised.

These Personal Information Protection Management Regulations require employees to take necessary measures such as contacting related divisions, preventing the spread of damage, and carrying out investigations if personal information is leaked. Cases such as the leakage of personal details are incorporated into Kyocera's risk management policy through the establishment of the Kyocera Group Information Security Incident Management Regulations. The Personal Information Protection Management Regulations also stipulate that employees may be subject to disciplinary action if personal information is compromised. Kyocera strives to disseminate its Personal Information Protection Policy and Personal Information Protection Management Regulations within the company and enhance their effectiveness through regular training, surveys, and audits.

Photo: Personal Information Protection Management Regulations

Communication System on Personal Information

Communication system on personal information