Throughout the entire Hitachi Group, including companies in business reorganizations and companies integrated as a result of M&As, we are working to ensure security, compliance, and business continuity for internal IT.
To respond to the risk of information leaks and increasing cyberattacks, as well as to ensure proper use of software, we are continuing our efforts to strengthen our IT controls.
Throughout the entire Hitachi Group, including companies resulting from business reorganizations and companies that have been integrated as a result of M&As, we are working to ensure information security, IT compliance, and business continuity for internal IT, and are encouraging the standardization and sharing of IT.
We are engaged in a thorough application of IT controls, by establishing IT rules and standards as well as by performing self-diagnostics and internal audits.
To reduce internal IT risks, we require compliance with the IT rules that define essential requirement for IT controls. These rules center around aspects such as information security, IT compliance, and business continuity for Hitachi BUs#1 and Group companies. To encourage compliance, we have defined self-diagnostic checklists for confirming the status of compliance with IT rules and guidelines, and have introduced a system whereby the various BUs and Group companies are obligated to regularly perform self-diagnostics of their company IT systems and take corrective actions as necessary. Furthermore, if any defects are detected through internal audits conducted by auditing departments, requests for corrective action are sent out to the BUs and Group companies, leading to thorough compliance with IT controls.
The self-diagnostic system is not limited to the Hitachi Group companies within Japan, but rather applies to the Hitachi Group companies outside of Japan as well. In order to ensure that this system is used widely among BUs and Group companies, after clearly explaining the system to the applicable companies in each business group in advance, we implemented controls whereby the self-diagnostics are performed at affiliated companies under the responsibility of the relevant business group. As a result of these efforts, the rate of companies performing self-diagnostics was 60% across the entire Hitachi Group in FY 2012, but we have maintained a rate of at least 90% each year from FY 2020 onwards. As we aim for 100%, we are continuing to enhance our efforts through cooperation with the leaders of business groups.
In addition, Hitachi is providing to BUs and Group companies the services that are required to comply with the IT rules and guidelines (such as authentication and antivirus measures). Along with the increase in cyberattacks in recent years, with respect to measures to address particularly high-risk software vulnerabilities, we have begun offering services to support the implementation of measures at BUs and Group companies as we clarify the response procedures in guidelines. For BUs and Group companies that struggle to implement sufficient measures on their own, we are working on applying services and raising the standard of measures taken.
Against the backdrop of increasing business integration as a result of M&As, we are strengthening our efforts to reduce IT risks for the integrated BUs and Group companies at an early stage. Specifically, among the aforementioned self-diagnostic checklists, we select certain items that require priority compliance at integrated companies (such as taking measures against vulnerabilities). In addition, in the event that any deficiencies are detected among such items after self-diagnostics for the priority items are performed at the integrated companies, we request that the parent company business groups acquiring such companies implement corrective actions by the appropriate deadlines.
