Information Security
Basic Concept
As information technology advances, the volume of digital data handled through networks inside and outside the company continues to grow.
In this environment, safeguarding the three elements of information security (integrity, confidentiality, and availability) is essential not only for preserving customer trust but also for contributing to the stability and confidence of the broader society.
In 2020, the Tsubaki Group formulated the Electronic Information Security Policy to protect all information assets we handle from a wide range of threats. Based on this global policy, we have implemented both technical and organizational measures, including employee education, risk assessments, systematic countermeasures, periodic audits, and vulnerability checks by third-party institutions. Looking ahead, we will continue to strengthen our information security framework, with a particular focus on cybersecurity.
Electronic Information Security System Chart
Promotion System
The company established the IT Committee in 1997 and expanded the committee system to include domestic Group companies in 2002. Since 2014, we have held an annual Global IT Summit to promote Group-wide collaboration. In addition, IT supervisory leaders have been appointed to oversee information systems in overseas regions. As cyber risks grow more severe each year, we are strengthening our global information security governance to ensure robust protection of the Group’s information assets.
Our information security measures for cyberattacks focus on three areas: preventing attacks, detecting them quickly, and restoring business activities as rapidly as possible after an incident. Among these, the most critical factor is the speed of business restoration in the event of a cyber incident. To support this, we have established a Cyber Security Countermeasures System*1 headed by top management. Under this system, a countermeasures team of experts, led by the Information System Department, can be quickly mobilized based on our IT-BCP (Business Continuity Plan)*2.
*1 Cyber Security Countermeasures System: Organizational system for responding to cyber attacks and incidents
*2 IT-BCP: A plan that is one part of the Business Continuity Plan and is focused on IT systems
Cyber Security Countermeasures System
Principal Initiatives
The Tsubaki Group is continually strengthening its response measures to address three types of threats: technical threats such as cyberattacks, physical threats such as natural disasters, and human threats such as internal fraud.
| Technical measures | 1. Monitor networks during normal operations and maintain control systems to prevent unauthorized access 2. Strengthen security measures for the safe use of cloud services 3. Promote IT-BCP initiatives in line with the Cybersecurity Guidelines established by the automotive industry |
|---|---|
| Physical measures | 1. Strengthen physical security by maintaining entry/exit records and installing monitoring cameras in areas where critical information devices are located 2. Implement offline backups and disaster mitigation measures to safeguard important data 3. Ensure comprehensive infrastructure management of servers and systems that store critical information |
| Human security measures | 1. Strengthen information security education and training by conducting twice-yearly e-learning programs and targeted e-mail threat training 2. Clearly define security rules and ensure they are communicated to all employees 3. Reduce risks by enforcing stronger passwords and through proper management of access rights, accounts, and devices |
