The JVCKENWOOD Group recognizes the importance of the management of confidential information and the protection of personal data processed in our business activities, and we operate our business in compliance with the variety of regulations that govern information management. The group employees perform their day-to-day duties keenly aware of the importance of information management, ensuring that they comply with laws and regulations on information security and personal data protection at all business locations in Japan and other countries. We are also making ongoing efforts to build a stronger information management system by enhancing system security, providing thorough information management training to employees, and reducing the risk of information leaks with an eye to bolstering information security management across the Group. That includes ensuring the security of networkable products in order to prevent falsification or leakage of information as well as malicious third-party attacks that are intended to cause malfunctions (see Product Quality & Safety page for more information). Some of our business sectors (e.g., Public Service Sector) and group companies (e.g., JVCKENWOOD Creative Media Corporation) have obtained the ISO/IEC27001 certification, and we will be recommending other group companies to acquire such certification as needed.
JVCKENWOOD Group’s comprehensive policy on information security
JVCKENWOOD Group Basic Policy on Information Security
Policy on product security for products manufactured/sold by the JVCKENWOOD Group
JVCKENWOOD Group Basic Policy on Product Security
JVCKENWOOD Group’s basic policy on factory security
JVCKENWOOD Group Basic Policy on Factory Security
Policy on JVCKENWOOD Group’s information assets
The JVCKENWOOD Group is building and reinforcing its information security system in line with its Basic Policy on Information Security by formulating rules on information management, implementing relevant measures, and providing employee training. At the same time, we remain aware of changes in the external environment and threats to our information assets as we build a system that enables us to ensure information security and quickly respond to such changes and threats. The Corporate Information Security Committee chaired by the information security officer meets regularly and assesses information security risks in order to maintain an information security management system, monitor its operation, and implement necessary measures. Specifically, we have consolidated information systems on an integrated server, we conduct drills to counter targeted attacks from external sources, and we maintain a Computer Security Incident Response Team (CSIRT). To ensure product security, we adhere to the Basic Policy on Product Security across the Group, promote Security by Design (SBD), and maintain a Product Security Incident Response Team (PSIRT). We will be monitoring new legislation and social needs as we address this issue company-wide to ensure that our customers can use our products/services with peace of mind. In addition to collecting and analyzing information on information security on an ongoing basis and taking necessary measures, we have a system in place that enables us to respond quickly to incidents, such as information leaks. We have set up a task force consisting of a risk management officer, information security officer, and other personnel as necessary. In this way, we ensure that security incidents are responded to appropriately by minimizing their impact while developing recovery and preventive measures, etc.
We have been working to protect personal data under the JVCKENWOOD Group Personal Data Protection Policy. We have long recognized the importance of protecting the personal data of customers, business partners and employees, but public demands in this regard have recently become even more stringent.
Against this backdrop, the JVCKENWOOD Group is working with related divisions to ensure that personal information of users of our products and services is not used inappropriately, and is implementing safety management measures for personal information in accordance with the Personal Information Protection Law, which was revised in 2022. We had one incident concerning information security in FY2021, in which some of the servers operated by the Group's European sales company was accessed illegally by a third party, but as of July 31, 2022, no information leakage due to unauthorized access has been confirmed. We are currently strengthening our security and developing measures to prevent a recurrence. In addition, we will ensure that all employees strictly adhere to the management system for handling personal information.
The JVCKENWOOD Group regularly conducts information security training for our employees in Japan. This training is implemented as simulation for targeted e-mail attacks and as programs for general employees, PC advisors, and new employees, respectively. In FY2021, the relevant items were covered in tier-specific training, with more than 92.8% of participation rate for general employees.
Various types of information security training have been implemented, and proactive special training covering issues such as suspicious emails was provided to 100% of target employees in FY2021. We hope to make more employees aware of the need for such training and create workplace environments that facilitate participation of training. We are determined to reduce the percentage of employees opening suspicious e-mails and improve the training participation rate.