Home >  Sustainability > Governance > Information Security

Information Security

Information Security Efforts

The Kyocera Group recognizes the importance of information resources and aims to strengthen information security. To serve as a trusted member of society, Kyocera has established the "Basic Information Security Policy", which defines Kyocera's information security objectives, measures, and action guidelines. Through promoting this policy, we continuously strive to prevent and reduce information security risks.

Basic Information Security Policy

With the expansion of cyberspace, the Kyocera Group continues to strive to understand the importance of all its information assets and to strengthen the handling of those assets. To respond to the trust of society as a whole, including our customers, business partners, investors, employees, and other stakeholders, we have established a basic information security policy, and declare that we will carry out our business in accordance with this policy.

  1. 1. Purpose
  2. The purpose of the basic policy is to establish basic rules regarding information security measures to be implemented by the Kyocera Group in order to maintain the confidentiality, integrity, and availability of the information assets held by the Kyocera Group.

  3. 2. Scope of application
  4. This basic policy applies to information assets (including personal information) related to all business activities managed by the Kyocera Group.

  5. 3. Information security management system
  6. To protect and appropriately manage information assets, the Kyocera Group has established the Information Security Committee, and the Chief Information Security Officer is responsible for overall information security management.

  7. 4. Compliance with laws and contractual requirements
  8. The Kyocera Group regularly investigates information security requirements, and strictly follows the various laws and regulations of each country, the guidelines and norms of each country, and industry standards and our contractual obligations with business partners.

  9. 5. Education and training for employees
  10. The Kyocera Group understands our social responsibility with regard to appropriately handling information assets, and provides constant education and training that are necessary for employees to appropriately use and manage information assets.

  11. 6. Implementation of measures
  12. The Kyocera Group will endeavor to prevent the occurrence of information security incidents by implementing information security measures against external attacks and threats of internal fraud. These measures will be appropriate to the type of information asset. In the event of a violation of laws or regulations, breach of contract, or an incident related to information security, we will immediately and appropriately resolve the situation and implement recurrence preventive measures.

  13. 7. Regular evaluation and continuous improvement
  14. To respond to changes in the business environment and social conditions while maintaining information security, the Kyocera Group will regularly evaluate our information security management system and the implementation status, and continuously formulate and implement improvement plans.

    July 1st, 2022
    Goro Yamaguchi, Chairman of the Board and Representative Director
    Hideo Tanimoto, President and Representative Director
    Kyocera Corporation

ISO 27001 and ISO 27017 Certificate of Registration among Kyocera Group

Governance System

The Kyocera Group has established an information security governance system ,which is led by the president to promote measures.

Governance System

Implementation of Information Security Training

The Kyocera Group conducts information security training based on its "Information Security Training Regulations". In order to raise awareness about information security and inform employees of their responsibilities, specialized training relating to the maintenance and management of information security is provided, in addition to annual training for new employees, general training for all employees, and training for managers and supervisors.

Procedures and Countermeasures in the Event of an Emergency

According to the Information Security Incident Management Regulations, an “incident” is defined as "a situation that threatens business operations or information security as a result of an undesired or unexpected occurrence or accident related to information security." These regulations also state the measures to be taken in the event of an incident and procedures for subsequent management.

Status of Vulnerability Countermeasures

We perform vulnerability diagnoses by the third-party*3 on public servers at least once a year. Also, we work to prevent security incidents by constantly collecting and spreading the latest vulnerability and security information from around the world through the CSIRT*2.

*1  A third-party organization that provides services in compliance with the "Information Security Service Standards" formulated by the Ministry of Economy, Trade and Industry.

*2  Computer Security Incident Response Team

Personal Information Protection Management System

The Kyocera Group regards the personal information obtained from stakeholders through business activities as important private information and strives to protect it thoroughly as a primary social responsibility. Kyocera has set up rules to protect specific personal information, clarified personal information usage purposes, set up a dedicated contact for inquiries, and provides regular education to employees handling private information, thereby ensuring thorough management. Also, regulations for Personal Information Protection have been established for employees to establish basic matters regarding the safeguarding of personal information, including a code of conduct for employees who handle personal information and the use of personal information management ledgers to monitor the management status of personal information centrally. Kyocera strives to ensure correct handling of personal information to maintain society's trust by preventing personal information from being compromised. These Personal Information Protection Management Regulations require employees to take necessary measures such as contacting related divisions, preventing the spread of damage, and carrying out investigations if personal information is leaked. Cases such as the leakage of personal details are incorporated into Kyocera's risk management policy by establishing the Kyocera Group Information Security Incident Management Regulations. The Personal Information Protection Management Regulations also stipulate that employees may be subject to disciplinary action if personal information is compromised. Kyocera strives to disseminate its Personal Information Protection Policy and Personal Information Protection Management Regulations within the company and enhance its effectiveness through regular training, surveys, and audits.

● Communication System on Personal Information

Communication System on Personal Information


Home >  Sustainability > Governance > Information Security