GTM-WVKJGV2
Skip to main content

Information Security

Our Basic Approach to Information Security

We are ensuring the proper management and use of information, in line with internal rules based on the Code of Conduct in the Fujitsu Way. We see maintaining confidentiality as a vital aspect of our social responsibility. Based on this approach, we have established the Fujitsu Group Information Security Policy, consistent throughout the world, and are promoting information security in accordance with the policy.

Fujitsu Group Information Security Policy

  1. Objectives
    Being fully aware of the fact that information provides basis for the Fujitsu group's business activities and the risks that accompany the management of information, Fujitsu group meets the information security requirements to achieve the following objectives. This is to conform to the Corporate Values of FUJITSU Way, we seek to be the customer s valued and trusted partner and we build mutually beneficial relationships with business partners. , and to enforce the confidentiality defined in Code of Conduct as essential part of social responsibility.
    1. (1) Fujitsu group properly maintains information delivered by individuals, corporate clients or vendors in the business processes to protect the rights and interests of these subjects.
    2. (2) Fujitsu group properly maintains trade secret, technical information and other valuable information in the business processes to protect the rights and interests of the group.
    3. (3) Fujitsu group properly maintains information in the business processes to provide products and services in a timely and stable manner and to ensure social functionality of the group.
  2. Principles
    Fujitsu group applies the following principles in meeting the information security.
    1. (1) Preservation of confidentiality, integrity and availability shall be the objective of information security, and the information security measures shall be planned to meet the objective.
    2. (2) Organizational structure and responsibility shall be clearly defined to ensure the proper implementation of the information security measures.
    3. (3) The risks that accompany the handling of information and investments required for the measures shall be taken into consideration to properly implement the information security measures.
    4. (4) Information security processes shall be organized into Plan, Do, Check and Act phases to keep and enhance the level of information security.
    5. (5) Executives and employees shall be provided with awareness and education program on the information security and act with the knowledge of its sensitive nature to ensure the proper implementation of the information security measures.
  3. Fujitsu groups activities
    To ensure the implementation of the aforementioned objectives and principles, each Fujitsu group company shall prepare its policy and related procedures in compliance with this policy, and implement them.

Our Framework of Information Security Rules

Each Group company codifies related rules in accordance with the Fujitsu Group Information Security Policy, and implements information security measures. The Group identifies, analyzes and evaluates the risks that accompany business activities and works on measures to avoid or reduce them, and to deal with them quickly in the unlikely event that they materialize.

Our framework of information security rules

Initiatives for Strengthening Information Security

Teaching and Promoting Awareness of Information Security

Declaration for complete information management!The sticker affixed to business PCs

Starting in FY 2008, using a common slogan that translates as "Declaration for complete information management! Information management is the lifeline of the Fujitsu Group, "Fujitsu and domestic Group companies have been working to increase information security awareness at the individual employee level by displaying posters at respective business locations, affixing information security awareness stickers to all business PCs used by employees, and other measures. We have also taken steps to enhance security through the application of ICT, such as by introducing a mail checker tool(SHieldMailChecker), developed by Fujitsu Social Science Laboratory Limited, to prevent information leaks from e-mail being sent externally in error. Furthermore, e-learning courses are held for all our employees, including executives, each year in order to further establish information security awareness.

Held Information Security Presentation for Business Partners

As a result of dramatic change in the ICT environment in recent years, the risk of information leaks has never been higher. In response, the Fujitsu Group has held information security presentations, not only for Group employees but also for domestic business partners who commission software development and services, and we have worked to share information on challenges and thoroughly implement prevention measures.

  • Example of seminars held in FY 2013

Responding to Cyber Attacks

In response to the growing risk recently of security issues including targeted e-mail attacks and malware*1 infections, Fujitsu has established a special incident response team that will work with central government agencies and others on early detection and resolution of these risks.

Whenever new systems are installed, we follow all information security rules, undergo pre-operation inspections by the Security Control Unit, confirm that adequate measures are in place against cyber attacks, and ensure that problem areas are eliminated.

*1 Malware: Malicious software, including computer viruses, spyware, etc.

Strengthening Information Security at the Business Group Level

To assure the strongest possible information securitymanagement, we are working to implement a securitymanagement structure.The Group operates in a wide variety of industries and ispromoting individual businesses by organizing them intobusiness groups. Information security measures areimplemented to reflect the individual characteristics of eachbusiness.A number of business units at Fujitsu and some domesticGroup companies have acquired ISMS (Information SecurityManagement System)*2 certification and are working to providethorough management of confidential information includingcustomers' information.

*2 ISMS (Information Security Management System): A system for verifying compliance with the ISO/IEC 27001 international standard for information risk management.

Personal Data Protection Initiatives

Privacy Mark Logo

We have stipulated a Personal DataProtection Policy and Rules forManagement of Personal Data. Basedon these rules, we give education onhow private information should behandled and carry out surveys in anongoing effort to strengthen theprotection given.In August 2007, we acquired company-wide PrivacyMark*3certification and have since been renewing this certificationevery two years. Domestic Group companies are also acquiringPrivacyMark certification individually as necessary, andpromoting thoroughgoing management of personal data.Overseas Group companies are also publishing privacy policiesthat meet their various national legal and social requirementson their main public Internet websites.

*3 PrivacyMark: A certification system relating to the handling of private information. The system is operated by the general incorporated foundation Japan Institute for Promotion of Digital Economy and Community.