The JVCKENWOOD Group recognizes the importance of the management of confidential information and the protection of personal data processed in our business activities, and we operate our business in compliance with the variety of regulations that govern information management. The group employees perform their day-to-day duties keenly aware of the importance of information management, ensuring that they comply with laws and regulations on information security and personal data protection at all business locations in Japan and other countries. We are also making ongoing efforts to build a stronger information management system by enhancing system security, providing thorough information management training to employees, and reducing the risk of information leaks with an eye to bolstering information security management across the Group. That includes ensuring the security of networkable products in order to prevent falsification or leakage of information as well as malicious third-party attacks that are intended to cause malfunctions (see Product Quality & Safety page for more information). Some of our business sectors (e.g., Public Service Sector) and group companies (e.g., JVCKENWOOD Creative Media) have obtained the ISO/IEC27001 certification, and we will be recommending other group companies to acquire such certification as needed.
JVCKENWOOD Group’s comprehensive policy on information security
Policy on product security for products manufactured/sold by the JVCKENWOOD Group
Policy on JVCKENWOOD Group’s information assets
The JVCKENWOOD Group is building and reinforcing its information security system in line with its Basic Policy on Information Security by formulating rules on information management, implementing relevant measures, and providing employee training. At the same time, we remain aware of changes in the external environment and threats to our information assets as we build a system that enables us to ensure information security and quickly respond to such changes and threats. The Corporate Information Security Committee chaired by the risk management officer meets regularly and assesses information security risks in order to maintain an information security management system, monitor its operation, and implement necessary measures. Specifically, we have consolidated information systems on an integrated server, we conduct drills to counter targeted attacks from external sources, and we maintain a Computer Security Incident Response Team (CSIRT). To ensure product security, we adhere to the Basic Policy on Product Security across the Group, promote Security by Design (SBD), and maintain a Product Security Incident Response Team (PSIRT). In addition to collecting and analyzing information on information security on an ongoing basis and taking necessary measures, we have a system in place that enables us to respond quickly to incidents, such as information leaks. We have set up a task force consisting of a risk management officer, information security officer, and other personnel as necessary. In this way, we ensure that security incidents are responded to appropriately by minimizing their impact while developing recovery and preventive measures, etc.
We have been working to protect personal data under the JVCKENWOOD Group Personal Data Protection Policy. We have long recognized the importance of protecting the personal data of customers, business partners and employees, but public demands in this regard have recently become even more stringent. In light of the 2017 revisions to the Act on the Protection of Personal Information, greater efforts to protect personal data are necessary to address the growing business on Internet of Things (IoT).
Against this backdrop, the relevant organizations within the JVCKENWOOD Group have begun collaborating in the implementation of IoT security countermeasures, including personal data protection, in line with the amended Act on the Protection of Personal Information to ensure that the personal information of people using our products/services is not improperly used. While we did not have any incidents or complaints concerning information security in FY2019, we will be monitoring new legislation and social needs as we address this issue company-wide to ensure that our customers can use our products/services with peace of mind.
The JVCKENWOOD Group regularly conducts IT security training for our employees in Japan. This training is implemented as simulation for targeted e-mail attacks and as programs for general employees, PC advisors, and new employees, respectively. In FY2019, the relevant items were covered in tier-specific training, with more than 90% of participation rate for general employees.
Various types of IT security training have been implemented, and proactive special training covering issues such as suspicious emails was provided to 100% of target employees in FY2019. We hope to make more employees aware of the need for such training and create workplace environments that facilitate participation of training. We are determined to reduce the percentage of employees opening suspicious e-mails and improve the training participation rate.