Skip to main content

close

Corporate Governance

Information Security

Basic Policy on Information Security

Proper Management and Use of All Confidential Information Including That of Other Companies

Daikin's Group Conduct Guidelines state that we manage and use confidential information appropriately. Our Information Security Basic Policy was formulated to clarify our basic philosophy and action on information security. Daikin stipulates that information leaks from internal information systems, Daikin products and services, and plant equipment systems constitute a major company-wide risk. Therefore, information managers in each division lead efforts in making Basic Regulations of Information Security and Common Security Guidelines based on our Information Security Basic Policy. We also strictly manage confidential information we are holding that is the property of other companies.

And with the increasingly widespread problems of companies losing information over the Internet, we are striving to raise the awareness of employee regarding managing their information; for example, we have strict company policy regarding employees' use of social media.

In fiscal 2019, there were no incidents involving the inappropriate management of information or information leakages.

Group Conduct Guidelines

5. Proper Management and Utilization of Information

We shall properly manage and effectively utilize the confidential information of our company, the confidential information obtained from other companies, and the personal information of our customers and employees and shall not obtain any information through improper means. We shall thoroughly execute IT security management for our computer systems and the data-resources saved on them.

Information Security Basic Policy

The Daikin Group recognizes that one of our most important management issues is to deliver safe and highly reliable products and services and protect our information assets as well as customers' information assets in our possession from various types of threats by addressing information security risks which increase on a daily basis. To deal with these issues, we establish the Group basic information security policy and unite as the Daikin Group to further reinforce information security.

  1. Our Group complies with rules and regulations, national guidelines, and other social standards in connection with information security.
  2. Our Group establishes and complies with internal rules related to information security based on the basic information security policies.
  3. Our Group implements appropriate security measures from personnel, organizational, and technological perspectives to protect and manage information.
  4. Our Group provides continuous education and awareness programs for information security to all employees.
  5. Our Group properly collects information and quickly reports to top management in the event that a security problem occurs on information assets. In addition, we rapidly investigate the cause and strive to minimize the damage and prevent recurrence.
  6. Our Group inspects the information security management system and its initiatives and continuously reviews and improves them.

Information Security Management System

Daikin's Information Security Committee, chaired by the officer in charge of information security, was established to strengthen the group-wide security management system. This committee is a cross-organizational information security deliberation body, and it revises and discusses group-wide information security strategy, policy measures, and common rules (regulations and guidelines). It operates under the Corporate Ethics and Risk Management Committee, to which it reports important information security matters, as well as notifications that must be sent to all employees and strictly followed. Matters decided on by the Corporate Ethics and Risk Management Committee are reported to the Internal Control Committee, chaired by the President, as well as to the Board of Directors. At overseas group companies, the results of information security inspections are used to prioritize bases most susceptible to major risk. At such bases, information security leaders are appointed and in-house rules are formulated in order to strengthen the security management system.

Furthermore, the officer in charge of information security also chairs the Corporate Ethics and Risk Management Committee.

Information Security Management System

Information Security Management System

Thorough Information Security

Daikin Industries, Ltd. has put into place a system for reporting and addressing information security incidents to prevent them from occurring and to minimize damages should one occur. Employees who discover an incident or situation that could lead to a security threat are required to report to the information security leader of their department and then follow his/her instructions. Information security leaders in turn report to the IT Development Department, which serves as the secretariat of the Information Security Committee, following the incident response standards. The IT Development Department spearheads efforts to investigate the cause and prevent the recurrence of these incidents.

Information Security Education

Daikin Industries, Ltd. strives to raise information security awareness among all members through training for officers, managers, and employees. General employees took courses on in-house rules in which they conducted self-assessments to confirm how well they are complying with the Group Conduct Guidelines. There were also articles in Daikin's in-house magazine aimed at raising security awareness. In addition to training and other educational sessions, once a year we send employees training emails that give them practice in dealing with malicious targeted email attacks.

In fiscal 2019, we held a training session for information security leaders led by an outside instructor about the steps they can take in their own departments to respond to a cyberattack.

Information Security Inspections and Results

Daikin Industries, Ltd. holds self-checks every year to determine the state of compliance with the Group Conduct Guidelines. These checks include Daikin's proprietary self-assessment system and information security matters.
We hire outside experts to diagnose the vulnerability of our servers and web applications inside and outside of Japan considered to have a high degree of information security risk. Based on the results, we implement countermeasures such as upgrading the version of servers or revising web applications.
We are also strengthening measures in other ways. We inspect how well our information leak measures are being implemented in line with the Ministry of Economy, Trade and Industry's Management Guidelines for Trade Secrets as well as conduct training and reviews of our incident response procedures.
Our IT division, legal division, and internal auditing division collaborate to conduct legal and internal audits to confirm and improve the state of compliance at all divisions.
As a result of audits and inspections, problems that have come to light and their countermeasures are reported to the Information Security Committee. As for major issues and matters that all employees must be notified of and strictly follow, these are reported to the Corporate Ethics and Risk Management Committee, the Internal Control Committee, and the Board of Directors.

Self Assessment System

Refer to Compliance.

Measures Against Information Leak Risk

Refer to Risk Management.

Sustainability

Find out more in your region.

Global Locations

Go To Page Top