In order to ensure the continuous improvement of information security, the TDK Group has built a global information security management structure based on its Basic Policy on Information Security and conducts activities accordingly.
Basic Policy on Information Security
This Policy shall apply to the TDK Group.
The TDK Group shall work on maintenance and enhancement of the security of information, recognizing that it is indispensable to secure personal information and trade secrets (including information on or received from customers) appropriately, and ensure the correctness and accuracy of financial information as well as business continuity in order for us to make ourselves highly reliable and more satisfactory to our stakeholders.
We all shall execute the following six actions as the concrete guidelines of actions.
Observance of Laws and RegulationsIn the handling of information, we shall observe laws and regulations concerning “the prevention of alteration, leakage, unauthorized access, and unlawful use of information”, “requiring reliability of information and correctness in disclosure”, and “protecting personal information”, and “business requirements including terms and conditions of contracts with customers” in the respective countries and regions.
Information Security Management SystemWe shall establish a system to manage and govern information security organically and define its role and responsibility.
Implementation of Measures for Risk ManagementWe shall find out threats and vulnerability in light of confidentiality, completeness and availability, and implement sufficient measures in response to the risks. In addition, we shall make sure to implement the measures for information security with the company regulations set in accordance with this Policy.
Provision of ResourcesThe management shall provide management resources necessary to execute this Policy.
Continuous Improvement of Information SecurityWe all shall endeavor to continue to improve the information security in response to changes in risks arising from transformation in internal and external circumstances.
Strict ActionsShould there be a violation of this Policy or the company regulations, the management shall take a strict action in accordance with the Code of Conduct and the Work Rules.
Established July 1, 2005
Revised on April 15, 2016
Under the Executive Committee, TDK has set up the Information Security Committee, which adopts measures in response to information security risks in the Group as a whole. Through the Information Security Administration Managers Meeting and other channels, the Information Security Committee endeavors to implement measures for each division.
Information Security Management Organization
Specific Measures in fiscal 2017
In fiscal 2017, we focused on cyberattack countermeasures, strengthening our global preparedness to include countermeasures to ransomware—a concrete threat to the corporation—and website security measures, as websites are easy targets of threats from the Internet.
- Establishing and enforcing global rules regarding criteria for applying security patches
- Strengthening cyberattack countermeasures for the websites of our companies around the world
- Training concerning targeted threat e-mail
- Implementation of training to deal with a computer virus infection
- Preparation for compliance with the EU’s General Data Protection Regulation (GDPR)
- Thorough compilation of measures through global information sharing and administrator meetings
At the global meeting
In order to respond to cyberattacks, which are becoming an increasingly serious threat, TDK will strengthen its systemic response on a global level, including the vulnerability management of PCs and servers and the detection and blockage of illegal communications. In addition, TDK will continue to enhance employee education and training, including training to handle targeted email attacks, thereby responding to risks in the Group as a whole that cannot be fully handled by the system.