Information Security
Campaign to promote information security, fire, health and safety, and environmental preservation.
Having considered that the contributing factors to accidents in information security and accidents in health and safety, in 1990 we decided to establish a campaign to cover all of these issues and thus eradicate the causes.
Respect for the Value of One’s Own Information and that of Others
As Hitachi Information Systems main business is managing the valuable information assets of the customers, and building and operating information systems, we recognize that information security is one of the most important issues, both managerially and operationally.
Bearing this in mind, we have set up Information Security Management System, drafting and implementing comprehensive policies at the corporate level. These include “Respect for the value of one’s own information and that of others” (in Article 6 of the conduct guidelines contained in our
Corporate Code of Conduct). We have also set up the Information Security Committee and initiated a certification acquisition activity for ISMS and privacy marks etc.
In 2002, we specified the Information Securities Policy and established the Information Security Management System for the appropriate protection of all information assets that the Hitachi Information Systems Group deals with, making directors and employees aware of it.
In October 2004, to further enhance effectiveness, we established the Information Security Center as a section specializing in information security measures.
Information Security Companywide Management System
|
Personal Information Security Management System
We have been selecting one personal information security manager from our executives. It is the operation management system for strengthening the pertinent protection of the personal information which Hitachi Information Systems has been managing.
At the same time, by selected an audit director, we have been audited of management system regularly every year how it has been working and operating.
Related Regulations for Information Security
| Basic Regulations related to Information Security |
Established July 2002 and revised May 2004. Established a compliance program for all matters related to information security which is revised and improved continuously. |
| Information Security Regulations |
Established June 2004. With the goal of providing information security, we have established and detailed regulations for handling all security related information in the company. |
| Detailed Regulation on Information Security |
Established December 2004. With the goal of securing information security, we have thoroughly stated details relating to handling all security related information in the company. |
| ISMS Regulations |
Established July 2002, revised in July 2003. Implemented business regulations and management policies related to information security under the ISMS certificate regulations. |
Thorough information security training
|
Hitachi Information Systems has integrated thorough information security education into our CSR training curriculum. From new employees to directors, all employees are required to participate via “e-learning,” where the regulations and laws are thoroughly explained.
In October of 2005, all employees of Hitachi Information Systems and its partner companies attended this e-learning training, with 8,510 individuals completing the course (a 100% participation rate.) New hires are required to go through this information security training upon entering the company.
|
|
Information security training document
|
Implementation of Information Leakage Prevention
To prevent information leakage at Hitachi Information Systems, we have applied an external information recording media encrypter software to all our PC's. Furthermore, for laptop computers, we have prohibited computers to be taken out of the office and if necessary, we have applied a hard-disk encrypter to prevent loss and theft. To identify each computer, a sticker label is used on every lap top computer.
A sticker label for permitted computers to be taken out of the office
|
|
A sticker label for prohibited computers to be taken out of the office
|
Un-installment of Waste Baskets
All unwanted documents, memos, old company letters will be collected in the lockable “miscellaneous documents collection cabinet” Further more, these documents will be shredded using our AS shredder and recycled back to 100% pulp, creating a 0% risk of information leakage.
| |
Miscellaneous Documents collection cabinet
|
Other measures designed to support information security
External information recording media leak prevention measures (use of coding products)
Implementation of mail/web filtering
Implementation of secure PCs (secure client solutions)
Loading of virus-protection software onto all PCs
Implementation of countermeasure software on mail servers
Software management control via a license management system (LMS)
Information Security
