We are ensuring the proper management and use of information, in line with internal rules based on the Code of Conduct in the Fujitsu Way. We see maintaining confidentiality as a vital aspect of our social responsibility. Based on this approach, we have established the Fujitsu Group Information Security Policy, consistent throughout the world, and are promoting information security in accordance with the policy.
Each Group company codifies related rules in accordance with the Fujitsu Group Information Security Policy, and implements information security measures. The Group identifies, analyzes and evaluates the risks that accompany business activities and works on measures to avoid or reduce them, and to deal with them quickly in the unlikely event that they materialize.
Starting in FY 2008, using a common slogan that translates as "Declaration for complete information management! Information management is the lifeline of the Fujitsu Group, "Fujitsu and domestic Group companies have been working to increase information security awareness at the individual employee level by displaying posters at respective business locations, affixing information security awareness stickers to all business PCs used by employees, and other measures. We have also taken steps to enhance security through the application of ICT, such as by introducing a mail checker tool(SHieldMailChecker), developed by Fujitsu Social Science Laboratory Limited, to prevent information leaks from e-mail being sent externally in error. Furthermore, e-learning courses are held for all our employees, including executives, each year in order to further establish information security awareness.
As a result of dramatic change in the ICT environment in recent years, the risk of information leaks has never been higher. In response, the Fujitsu Group has held information security presentations, not only for Group employees but also for domestic business partners who commission software development and services, and we have worked to share information on challenges and thoroughly implement prevention measures.
In response to the growing risk recently of security issues including targeted e-mail attacks and malware*1 infections, Fujitsu has established a special incident response team that will work with central government agencies and others on early detection and resolution of these risks.
Whenever new systems are installed, we follow all information security rules, undergo pre-operation inspections by the Security Control Unit, confirm that adequate measures are in place against cyber attacks, and ensure that problem areas are eliminated.
*1 Malware: Malicious software, including computer viruses, spyware, etc.
To assure the strongest possible information securitymanagement, we are working to implement a securitymanagement structure.The Group operates in a wide variety of industries and ispromoting individual businesses by organizing them intobusiness groups. Information security measures areimplemented to reflect the individual characteristics of eachbusiness.A number of business units at Fujitsu and some domesticGroup companies have acquired ISMS (Information SecurityManagement System)*2 certification and are working to providethorough management of confidential information includingcustomers' information.
*2 ISMS (Information Security Management System): A system for verifying compliance with the ISO/IEC 27001 international standard for information risk management.
We have stipulated a Personal DataProtection Policy and Rules forManagement of Personal Data. Basedon these rules, we give education onhow private information should behandled and carry out surveys in anongoing effort to strengthen theprotection given.In August 2007, we acquired company-wide PrivacyMark*3certification and have since been renewing this certificationevery two years. Domestic Group companies are also acquiringPrivacyMark certification individually as necessary, andpromoting thoroughgoing management of personal data.Overseas Group companies are also publishing privacy policiesthat meet their various national legal and social requirementson their main public Internet websites.
*3 PrivacyMark: A certification system relating to the handling of private information. The system is operated by the general incorporated foundation Japan Institute for Promotion of Digital Economy and Community.
Share this page