Skip to main content

Information Security

Our Basic Approach to Information Security

We are ensuring the proper management and use of information, in line with internal rules based on the Code of Conduct in the Fujitsu Way. We see maintaining confidentiality as a vital aspect of our social responsibility. Based on this approach, we have established the Fujitsu Group Information Security Policy, consistent throughout the world, and are promoting information security in accordance with the policy.

Fujitsu Group Information Security Policy

  1. Objectives
    Being fully aware of the fact that information provides basis for the Fujitsu group's business activities and the risks that accompany the management of information, Fujitsu group meets the information security requirements to achieve the following objectives. This is to conform to the Corporate Values of FUJITSU Way, we seek to be the customers' valued and trusted partner and we build mutually beneficial relationships with business partners, and to enforce the confidentiality defined in Code of Conduct as essential part of social responsibility.
    1. (1) Fujitsu group properly maintains information delivered by individuals, corporate clients or vendors in the business processes to protect the rights and interests of these subjects.
    2. (2) Fujitsu group properly maintains trade secret, technical information and other valuable information in the business processes to protect the rights and interests of the group.
    3. (3) Fujitsu group properly maintains information in the business processes to provide products and services in a timely and stable manner and to ensure social functionality of the group.
  2. Principles
    Fujitsu group applies the following principles in meeting the information security.
    1. (1) Preservation of confidentiality, integrity and availability shall be the objective of information security, and the information security measures shall be planned to meet the objective.
    2. (2) Organizational structure and responsibility shall be clearly defined to ensure the proper implementation of the information security measures.
    3. (3) The risks that accompany the handling of information and investments required for the measures shall be taken into consideration to properly implement the information security measures.
    4. (4) Information security processes shall be organized into Plan, Do, Check and Act phases to keep and enhance the level of information security.
    5. (5) Executives and employees shall be provided with awareness and education program on the information security and act with the knowledge of its sensitive nature to ensure the proper implementation of the information security measures.
  3. Fujitsu group's activities
    To ensure the implementation of the aforementioned objectives and principles, each Fujitsu group company shall prepare its policy and related procedures in compliance with this policy, and implement them.

Our Framework of Information Security Rules

Each Group company codifies related rules in accordance with the Fujitsu Group Information Security Policy, and implements information security measures. The Group identifies, analyzes and evaluates the risks that accompany business activities and works on measures to avoid or reduce them, and to deal with them quickly in the unlikely event that they materialize.

Our framework of information security rules

Initiatives for Strengthening Information Security

Teaching and Promoting Awareness of Information Security

Declaration for complete information management!The sticker affixed to business PCs

Starting in FY 2008, using a common slogan that translates as "Declaration for complete information management! Information management is the lifeline of the Fujitsu Group." Fujitsu and domestic Group companies have been working to increase information security awareness at the individual employee level by displaying posters at respective business locations, affixing information security awareness stickers to all business PCs used by employees, and other measures. We have also taken steps to enhance security through the application of ICT, such as by introducing a mail checker tool(SHieldMailChecker), developed by Fujitsu Social Science Laboratory Limited, to prevent information leaks from e-mail being sent externally in error. Furthermore, e-learning courses are held for all our employees, including executives, each year in order to further establish information security awareness.

Held Information Security Presentation for Business Partners

As a result of dramatic change in the ICT environment in recent years, the risk of information leaks has never been higher. In response, the Fujitsu Group has held information security presentations, not only for Group employees but also for domestic business partners who commission software development and services, and we have worked to share information on challenges and thoroughly implement prevention measures.

Responding to Cyber Attacks

In response to the growing risk recently of security issues including targeted e-mail attacks and malware*1 infections, Fujitsu has established a special incident response team that will work with central government agencies and others on early detection and resolution of these risks.

Whenever new systems are installed, we follow all information security rules, undergo pre-operation inspections by the Security Control Unit, confirm that adequate measures are in place against cyber attacks, and ensure that problem areas are eliminated.

*1 Malware: Malicious software, including computer viruses, spyware, etc.

Strengthening Information Security at the Business Group Level

To assure the strongest possible information security management, we are working to implement a security management structure. The Group operates in a wide variety of industries and is promoting individual businesses by organizing them into business groups. Information security measures are implemented to reflect the individual characteristics of each business. A number of business units at Fujitsu and some domestic Group companies have acquired ISMS (Information Security Management System)*2 certification and are working to provide thorough management of confidential information including customers' information.

*2 ISMS (Information Security Management System): A system for verifying compliance with the ISO/IEC 27001 international standard for information risk management.

Personal Data Protection Initiatives

Privacy Mark LogoWe have stipulated a Personal Data Protection Policy and Rules for Management of Personal Data. Based on these rules, we give education on how private information should be handled and carry out surveys in an ongoing effort to strengthen the protection given. In August 2007, we acquired company-wide PrivacyMark*3 certification and have since been renewing this certification every two years. Domestic Group companies are also acquiring PrivacyMark certification individually as necessary, and promoting thoroughgoing management of personal data. Overseas Group companies are also publishing privacy policies that meet their various national legal and social requirements on their main public Internet websites.

*3 PrivacyMark: A certification system relating to the handling of private information. The system is operated by the general incorporated foundation Japan Institute for Promotion of Digital Economy and Community.