Daikin's Group Conduct Guidelines state that we manage and use confidential information appropriately. We also established the Information Security Basic Policy. Daikin stipulates that information leaks from internal information systems, Daikin products and services, and plant equipment systems constitute a major company-wide risk. Therefore, information security leaders in each division lead efforts in making Basic Regulations of Information Security and Common Security Guidelines. We also strictly manage confidential information we are holding that is the property of other companies.
With companies increasingly losing information over the Internet, we are striving to raise employees' awareness of how they manage information; for example, we have a strict company policy regarding the use of social media.
In fiscal 2021, there were no incidents involving the inappropriate management of information or information leakages.
5. Proper Management and Utilization of Information
We shall properly manage and effectively utilize the confidential information of our company, the confidential information obtained from other companies, and the personal information of our customers and employees and shall not obtain any information through improper means. We shall thoroughly execute IT security management for our computer systems and the data-resources saved on them.
The Daikin Group recognizes that one of our most important management issues is to deliver safe and highly reliable products and services and protect our information assets as well as customers' information assets in our possession from various types of threats by addressing information security risks which increase on a daily basis. To deal with these issues, we establish the Group basic information security policy and unite as the Daikin Group to further reinforce information security.
Daikin's Information Security Committee is a deliberation body chaired by the officer in charge of information security. This committee discusses revisions to group-wide information security strategy, policy measures, and common rules (regulations and guidelines). It operates under the Corporate Ethics and Risk Management Committee, to which it reports important information security matters, as well as notifications that must be sent to all employees and strictly followed. Matters decided on by the Corporate Ethics and Risk Management Committee are reported to the Internal Control Committee, chaired by the President, as well as to the Board of Directors. The officer in charge of information security also chairs the Corporate Ethics and Risk Management Committee.
At overseas group companies, the results of information security inspections are used to prioritize bases most susceptible to major risk. At such bases, information security leaders are appointed and in-house rules are formulated in order to strengthen the management system.
Daikin Industries, Ltd. has put into place a system for reporting and addressing information security incidents to prevent them from occurring and to minimize damage should one occur. Employees who discover an incident or situation that could lead to a security threat are required to report to the information security leader of their department and then follow that leader's instructions. Information security leaders in turn report to the IT Development Department, which serves as the secretariat of the Information Security Committee, following the incident response standards. The IT Development Department spearheads efforts to investigate the cause and prevent the recurrence of these incidents.
Daikin Industries, Ltd. strives to raise information security awareness among all members through training for officers, managers, and employees. General employees took courses on in-house rules in which they conducted self-assessments*. There were also articles in Daikin's in-house magazine aimed at raising security awareness. In addition to training and other educational sessions, once a year we send employees training emails that give them practice in dealing with malicious targeted email attacks.
In fiscal 2021, we held a training session on information security management for information security leaders. This training was led by an outside instructor and focused on case studies of security incidents at other companies and recent trends in security attacks.
Daikin Industries, Ltd. holds self-checks that include Daikin's proprietary self-assessment system and information security matters.
Every year, we conduct tests of incident response procedures to check the workflow of incident response and the established scenarios. These tests reveal deficiencies and issues, which help us to strengthen countermeasures. Also, we check the status of countermeasures against information leaks following the Ministry of Economy, Trade and Industry’s Management Guidelines for Trade Secrets.
In fiscal 2021, in addition to self-assessments, we conducted interviews of all group companies to inspect the status of security rules establishment and compliance as well as IT system countermeasures.
We hire outside experts to diagnose the vulnerability of our servers and web applications inside and outside of Japan considered to have a high degree of information security risk. Based on the results, we implement countermeasures such as upgrading the version of servers or revising web applications.
Problems that come to light through audits and inspections, along with their countermeasures, are reported to the Information Security Committee. Major issues and matters that all employees must be notified of and strictly follow are reported to the Corporate Ethics and Risk Management Committee, the Internal Control Committee, and the Board of Directors.