Governance System

The Kyocera Group promotes effective measures through the establishment of an information security governance system headed by the President and Representative Director, and continues to work diligently to improve the level of information security throughout the Group. As the Kyocera Group's Chief Officer, the President and Representative Director, oversees the entire information security system. In addition, under the direction of the Kyocera Group Chief Information Security Officer, the organization in charge of information security plays a central role in promoting the planning and implementation of security measures, and ensures thorough education on these measures throughout the Group.
To strengthen information security measures across the entire Group, the information security management organization works closely with Kyocera Group companies. They have established a Security Incident Response Team (SIRT) to promptly respond to and analyze security incidents, and to formulate recurrence prevention measures.
In addition to this important function, the Information Security Committee comprises the organization in charge of information security and the organizational information security officer appointed by each organization with the task of examining measures while sharing and coordinating the progress of and identifying issues with the information security measures in each organization.
Matters decided by the committee are disseminated to all employees through the organizational information security officer of each organization to raise information security awareness throughout the Group.
Providing support for the effectiveness of these functions, the Compliance Audit Officer conducts audits of each organization, and the Management System Audit Officer conducts audits of the organization in charge of information security to continuously evaluate the efficacy of the information security system.
Going forward, we will continue to work together as a group to strengthen and maintain information security.

Implementation of Information Security Training

The Kyocera Group conducts information security training based on Kyocera Group Information Security Regulations. In order to raise awareness about information security and inform employees of their responsibilities, specialized training relating to the maintenance and management of information security is provided, in addition to annual training for new employees, general training for all employees, and training for managers.

Procedures and Countermeasures in the Event of an Emergency

According to the Kyocera Group Information Security Regulations, an “incident” is defined as "a situation that threatens business operations or information security as a result of an undesired or unexpected occurrence or accident related to information security." These regulations also state the measures to be taken in the event of an incident and procedures for subsequent management.

Technical Measures

The Kyocera Group has implemented the following technical measures to strengthen information security. These measures serve to strengthen information security and defend against cyberattacks.

• Cyber Hygiene Initiatives
  The Kyocera Group monitors the security status of the entire system in real time, using tools to quickly detect and take effective countermeasures against vulnerabilities. As a result, cyber hygiene is thoroughly practiced. In environments open to the public, third-party^* vulnerability assessments are conducted at least once each year to strengthen defense measures against external attacks and to ensure the safety of the system.
• Strengthen Resilience
  The Kyocera Group has platform, detection, and response systems in place to strengthen resilience against cyberattacks. This minimizes damage by making it possible to quickly detect and effectively respond to attacks.
• Predictive Monitoring
  The Kyocera Group uses services to monitor for signs of cyber incidents. As a result, we are able to detect potential threats at an early stage and take prompt action to prevent incidents from occurring.

A third-party organization that provides services compliant with the "Information Security Service Standards" established by the Ministry of Economy, Trade and Industry

Kyocera Joins the Nippon CSIRT Association

In January 2021, Kyocera officially joined the Nippon CSIRT Association. Through the activities of this council, we will strive to improve the security level of the entire Kyocera Group by sharing security incidents and vulnerability information with other member companies.

●Nippon CSIRT Association

・Official name of the team：KYOCERA Security Incident Response Team.

・Team abbreviation：KC-SIRT

・Organization name：KYOCERA Corporation

Public Announcement of Security Incidents

Security incidents at our company are publicly announced on our company website.

Efforts to Protect Personal Information

Personal Information Protection Management System

The Kyocera Group regards the personal information obtained from stakeholders through business activities as important private information and strives to protect it thoroughly as a primary social responsibility. Kyocera has set up rules to protect specific personal information, clarified personal information usage purposes, set up a dedicated contact for inquiries, and provides regular education to employees handling private information, thereby ensuring thorough management. Also, regulations for Personal Information Protection have been established for employees to establish basic matters regarding the safeguarding of personal information, including a code of conduct for employees who handle personal information and the use of personal information management ledgers to monitor the management status of personal information centrally. Kyocera strives to ensure correct handling of personal information to maintain society's trust by preventing personal information from being compromised. These Personal Information Protection Management Regulations require employees to take necessary measures such as contacting related divisions, preventing the spread of damage, and carrying out investigations if personal information is leaked. Cases such as the leakage of personal details are incorporated into Kyocera's risk management policy by establishing the Kyocera Group Information Security Regulations. The Personal Information Protection Management Regulations also stipulate that employees may be subject to disciplinary action if personal information is compromised. Kyocera strives to disseminate its Personal Information Protection Policy and Personal Information Protection Management Regulations within the company and enhance its effectiveness through regular training, surveys, and audits.

Communication System on Personal Information