We are ensuring the proper management and use of information, in line with internal rules based on the Code of Conduct in the Fujitsu Way. We see maintaining confidentiality as a vital aspect of our social responsibility. Based on this approach, we have established the Fujitsu Group Information Security Policy, consistent throughout the world, and are promoting information security in accordance with the policy.
Each Group company codifies related rules in accordance with the Fujitsu Group Information Security Policy, and implements information security measures. The Group identifies, analyzes and evaluates the risks that accompany business activities and works on measures to avoid or reduce them, and to deal with them quickly in the unlikely event that they materialize.
Starting in FY 2008, using a common slogan that translates as "Declaration for complete information management! Information management is the lifeline of the Fujitsu Group." Fujitsu and domestic Group companies have been working to increase information security awareness at the individual employee level by displaying posters at respective business locations, affixing information security awareness stickers to all business PCs used by employees, and other measures. We have also taken steps to enhance security through the application of ICT, such as by introducing a mail checker tool(SHieldMailChecker), developed by Fujitsu Social Science Laboratory Limited, to prevent information leaks from e-mail being sent externally in error. Furthermore, e-learning courses are held for all our employees, including executives, each year in order to further establish information security awareness.
As a result of dramatic change in the ICT environment in recent years, the risk of information leaks has never been higher. In response, the Fujitsu Group has held information security presentations, not only for Group employees but also for domestic business partners who commission software development and services, and we have worked to share information on challenges and thoroughly implement prevention measures.
In response to the growing risk recently of security issues including targeted e-mail attacks and malware*1 infections, Fujitsu has established a special incident response team that will work with central government agencies and others on early detection and resolution of these risks.
Whenever new systems are installed, we follow all information security rules, undergo pre-operation inspections by the Security Control Unit, confirm that adequate measures are in place against cyber attacks, and ensure that problem areas are eliminated.
*1 Malware: Malicious software, including computer viruses, spyware, etc.
To assure the strongest possible information security management, we are working to implement a security management structure. The Group operates in a wide variety of industries and is promoting individual businesses by organizing them into business groups. Information security measures are implemented to reflect the individual characteristics of each business. A number of business units at Fujitsu and some domestic Group companies have acquired ISMS (Information Security Management System)*2 certification and are working to provide thorough management of confidential information including customers' information.
*2 ISMS (Information Security Management System): A system for verifying compliance with the ISO/IEC 27001 international standard for information risk management.
We have stipulated a Personal Data Protection Policy and Rules for Management of Personal Data. Based on these rules, we give education on how private information should be handled and carry out surveys in an ongoing effort to strengthen the protection given. In August 2007, we acquired company-wide PrivacyMark*3 certification and have since been renewing this certification every two years. Domestic Group companies are also acquiring PrivacyMark certification individually as necessary, and promoting thoroughgoing management of personal data. Overseas Group companies are also publishing privacy policies that meet their various national legal and social requirements on their main public Internet websites.
*3 PrivacyMark: A certification system relating to the handling of private information. The system is operated by the general incorporated foundation Japan Institute for Promotion of Digital Economy and Community.
Share this page