Sustainability | GovernanceInformation Security

Our Approach

In order to ensure the continuous improvement of information security, the TDK Group has built a global information security management structure based on its Basic Policy on Information Security and conducts activities accordingly.

Basic Policy on Information Security

General Direction

This Policy shall apply to the TDK Group.
The TDK Group shall work on maintenance and enhancement of the security of information, recognizing that it is indispensable to secure personal information and trade secrets (including information on or received from customers) appropriately, and ensure the correctness and accuracy of financial information as well as business continuity in order for us to make ourselves highly reliable and more satisfactory to our stakeholders.
We all shall execute the following six actions as the concrete guidelines of actions.

Action Guidelines

  1. Observance of Laws and Regulations
    In the handling of information, we shall observe laws and regulations concerning “the prevention of alteration, leakage, unauthorized access, and unlawful use of information”, “requiring reliability of information and correctness in disclosure”, and “protecting personal information”, and “business requirements including terms and conditions of contracts with customers” in the respective countries and regions.
  2. Information Security Management System
    We shall establish a system to manage and govern information security organically and define its role and responsibility.
  3. Implementation of Measures for Risk Management
    We shall find out threats and vulnerability in light of confidentiality, completeness and availability, and implement sufficient measures in response to the risks. In addition, we shall make sure to implement the measures for information security with the company regulations set in accordance with this Policy.
  4. Provision of Resources
    The management shall provide management resources necessary to execute this Policy.
  5. Continuous Improvement of Information Security
    We all shall endeavor to continue to improve the information security in response to changes in risks arising from transformation in internal and external circumstances.
  6. Strict Actions
    Should there be a violation of this Policy or the company regulations, the management shall take a strict action in accordance with the Code of Conduct and the Work Rules.

Established July 1, 2005
Revised on April 15, 2016 (2nd edition)

Structure

Under the Executive Committee, TDK has set up the Information Security Committee, which adopts measures in response to information security risks in the Group as a whole. By establishing deliberative bodies made up of representatives from each region around the world, we are reinforcing global information security governance. Through the Information Security Administration Managers Meeting and other channels, the Information Security Committee endeavors to implement measures for each division.

Information security management organization (As of April 1, 2020)
Information security management organization (As of April 1, 2020)

Specific Measures in Fiscal 2019

In fiscal 2019, we focused on countermeasures against increasingly sophisticated cyberattacks and conducted trials worldwide.

[Main Measures]

  • Reinforced countermeasures against cyberattacks on worldwide Group company websites
  • Strengthened management of worldwide Group company websites.
  • Strengthened control and management of incoming telecommunications.
  • Global response to cyber-risk insurance
At the global meeting
At the global meeting

Information Security Education

In order to maintain and enhance information security throughout the entire TDK Group, we implement information security education and email training for all employees more than once a year.
Information security education is conducted at Group sites for computer users. Regarding content of the education and frequency, each site incorporates appropriate content in accordance with its environment and conditions.
In the email training at each site, emails resembling actual targeted email attacks are sent to employees to check the number of people who open the attached file and the number of people who click on the URL.

Future Activities

In order to respond to cyberattacks, which are becoming an increasingly serious threat, TDK will reinforce internal information security countermeasures and strengthen measures regarding cloud services, use of which is increasing, on a global level.
In addition, TDK will continue to enhance employee education and training, including training to handle targeted email attacks, thereby responding to risks in the Group as a whole that cannot be fully handled by the system.

Recommendations

PAGE TOP