Information Security
In order to ensure the continuous improvement of information security, the TDK Group has built a global information security management structure based on its Basic Policy on Information Security and conducts activities accordingly.
Basic Policy on Information Security
This Policy shall apply to the TDK Group.
The TDK Group shall work on maintenance and enhancement of the security of information, recognizing that it is indispensable to secure personal information and trade secrets (including information on or received from customers) appropriately, and ensure the correctness and accuracy of financial information as well as business continuity in order for us to make ourselves highly reliable and more satisfactory to our stakeholders.
We all shall execute the following six actions as the concrete guidelines of actions.
Observance of Laws and Regulations
In the handling of information, we shall observe laws and regulations concerning “the prevention of alteration, leakage, unauthorized access, and unlawful use of information”, “requiring reliability of information and correctness in disclosure”, “protecting personal information”, and “business requirements including terms and conditions of contracts with customers” in the respective countries and regions.
Information Security Management System
We shall establish a system to manage and govern information security organically and define its role and responsibility.
Implementation of Measures for Risk Management
We shall find out threats and vulnerability in light of confidentiality, completeness and availability, and implement sufficient measures in response to the risks. In addition, we shall make sure to implement the measures for information security with the company regulations set in accordance with this Policy.
Provision of Resources
The management shall provide management resources necessary to execute this Policy.
Continuous Improvement of Information Security
We all shall endeavor to continue to improve the information security in response to changes in risks arising from transformation in internal and external circumstances.
Should there be a violation of this Policy or the company regulations, the management shall take a strict action in accordance with the Code of Conduct and the Work Rules.
Established July 1, 2005
Revised on April 15, 2016 (2nd edition)
Under the Executive Committee, TDK has set up the Information Security Committee, which adopts measures in response to information security risks in the Group as a whole. By establishing deliberative bodies made up of representatives from each region around the world, we are reinforcing global information security governance. Through the Information Security Administration Managers Meeting and other channels, the Information Security Committee endeavors to implement measures for each division.
Measures taken in Fiscal 2022
TDK is strengthening its information security measures in accordance with the Cybersecurity Framework of the US National Institute of Standards and Technology (NIST) ((1) identify, (2) protect, (3) detect, (4) respond, (5) recover), which can be described as the standard for information security countermeasures.
- Use of a mechanism to automatically evaluate security administration conditions and identify and improve vulnerabilities ((1) identify, (2) protect, (3) detect)
- Support for improvements after confirmation of supply-chain security conditions ((1) identify, (2) protect)
- Introduction of mechanism to detect the status of use of dangerous cloud services ((3) detect)
- Global implementation of training to counter security incidents ((4) respond, (5) recover)
- Global subscription to cyber-risk insurance ((5) recover)
Information Security Education
To maintain and enhance information security throughout the entire TDK Group, we implement information security education and email training for all employees more than once a year.
Information security education is conducted at Group sites for computer users. Regarding the content and frequency of the education, each site incorporates appropriate topics in accordance with its environment and circumstances.
In the email training at each site, emails resembling actual targeted email attacks are sent to employees to check the number of people who open the attached file and the number of people who click on the URL.
Filing of Complaints Regarding Privacy Violations
TDK has formulated the Basic Policy on the Protection of Personal Information and endeavors to manage personal information properly. In fiscal 2022 there were no reports or receipt of complaints in Group companies concerning the infringement of customer privacy or the loss of customer data.
In order to respond to cyberattacks, which are becoming an increasingly serious threat, TDK is strengthening countermeasures to prevent the occurrence of damage and, in the event that damage does occur, to minimize it.
In addition, TDK will continue to enhance employee education and training, including training to handle targeted email attacks, thereby responding to risks in the Group as a whole that cannot be fully handled by the system.