Skip to main content

close

Corporate Governance

Information Security

Basic Policy on Information Security

Proper Management and Use of All Confidential Information Including That of Other Companies

Daikin's Group Conduct Guidelines state that we manage and use confidential information appropriately. We also established the Information Security Basic Policy. Daikin stipulates that information leaks from internal information systems, Daikin products and services, and plant equipment systems constitute a major company-wide risk. Therefore, information security leaders in each division lead efforts in making Basic Regulations of Information Security and Common Security Guidelines. We also strictly manage confidential information we are holding that is the property of other companies.

And with the increasingly widespread problems of companies losing information over the Internet, we are striving to raise the awareness of employee regarding managing their information; for example, we have strict company policy regarding use of social media.

In fiscal 2021, there were no incidents involving the inappropriate management of information or information leakages.

Group Conduct Guidelines

5. Proper Management and Utilization of Information

We shall properly manage and effectively utilize the confidential information of our company, the confidential information obtained from other companies, and the personal information of our customers and employees and shall not obtain any information through improper means. We shall thoroughly execute IT security management for our computer systems and the data-resources saved on them.

Information Security Basic Policy

The Daikin Group recognizes that one of our most important management issues is to deliver safe and highly reliable products and services and protect our information assets as well as customers' information assets in our possession from various types of threats by addressing information security risks which increase on a daily basis. To deal with these issues, we establish the Group basic information security policy and unite as the Daikin Group to further reinforce information security.

  1. Our Group complies with rules and regulations, national guidelines, and other social standards in connection with information security.
  2. Our Group establishes and complies with internal rules related to information security based on the basic information security policies.
  3. Our Group implements appropriate security measures from personnel, organizational, and technological perspectives to protect and manage information.
  4. Our Group provides continuous education and awareness programs for information security to all employees.
  5. Our Group properly collects information and quickly reports to top management in the event that a security problem occurs on information assets. In addition, we rapidly investigate the cause and strive to minimize the damage and prevent recurrence.
  6. Our Group inspects the information security management system and its initiatives and continuously reviews and improves them.

Information Security Management System

Daikin's Information Security Committee is a deliberation body chaired by the officer in charge of information security. This committee discusses revisions to group-wide information security strategy, policy measures, and common rules (regulations and guidelines). It operates under the Corporate Ethics and Risk Management Committee, to which it reports important information security matters, as well as notifications that must be sent to all employees and strictly followed. Matters decided on by the Corporate Ethics and Risk Management Committee are reported to the Internal Control Committee, chaired by the President, as well as to the Board of Directors. The officer in charge of information security also chairs the Corporate Ethics and Risk Management Committee.
At overseas group companies, the results of information security inspections are used to prioritize bases most susceptible to major risk. At such bases, information security leaders are appointed and in-house rules are formulated in order to strengthen the management system.

Information Security Management System

Information Security Management System

Thorough Information Security

Daikin Industries, Ltd. has put into place a system for reporting and addressing information security incidents to prevent them from occurring and to minimize damages should one occur. Employees who discover an incident or situation that could lead to a security threat are required to report to the information security leader of their department and then follow his/her instructions. Information security leaders in turn report to the IT Development Department, which serves as the secretariat of the Information Security Committee, following the incident response standards. The IT Development Department spearheads efforts to investigate the cause and prevent the recurrence of these incidents.

Information Security Education

Daikin Industries, Ltd. strives to raise information security awareness among all members through training for officers, managers, and employees. General employees took courses on in-house rules in which they conducted self-assessments*. There were also articles in Daikin's in-house magazine aimed at raising security awareness. In addition to training and other educational sessions, once a year we send employees training emails that give them practice in dealing with malicious targeted email attacks.

In fiscal 2021, we held a training session on information security management for information security leaders. This training was led by an outside instructor and focused on case studies of security incidents at other companies and recent trends in security attacks.

*
Daikin’s proprietary system for checking the conduct of each and every employee pursuant to the Group Conduct Guidelines. Implemented annually, these checks identify issues within organizations that lead to compliance countermeasures.

Information Security Inspections and Results

Daikin Industries, Ltd. holds self-checks that include Daikin's proprietary self-assessment system and information security matters.
Every year, we conduct tests of incident response procedures to check the workflow of incident response and the established scenarios. These tests reveal deficiencies and issues, which help us to strengthen countermeasures. Also, we check the status of countermeasures against information leaks following the Ministry of Economy, Trade and Industry’s Management Guidelines for Trade Secrets.
In fiscal 2021, in addition to self-assessments, we conducted interviews of all group companies to inspect the status of security rules establishment and compliance as well as IT system countermeasures.

We hire outside experts to diagnose the vulnerability of our servers and web applications inside and outside of Japan considered to have a high degree of information security risk. Based on the results, we implement countermeasures such as upgrading the version of servers or revising web applications.

As a result of audits and inspections, problems that have come to light and their countermeasures are reported to the Information Security Committee. As for major issues and matters that all employees must be notified of and strictly follow, these are reported to the Corporate Ethics and Risk Management Committee, the Internal Control Committee, and the Board of Directors.

Sustainability

Find out more in your region.

Global Locations

Go To Page Top