
CSR (Corporate Social Responsibility)

Hitachi

The Hitachi Group maintains information in a secure way with respect for all regulations. We use our information security management system to safeguard business and personal information of our customers, and Hitachi Group technical information as well as other confidential information. We sustain and improve security in several ways: extensive information handling procedures, security education for employees, and information security audits, among others.

Framework for Information Security

The Information Security Committee, chaired by the Chief Information Security Officer, determines our information security policies and procedures. The Information Security Promotion Council and other bodies convey decisions internally and to Hitachi Group companies. Information security officers at business sites and companies then inform employees.

The Hitachi Group emphasizes two points that protect personal information and information security in our policies:

(1) Precautionary measures and prompt security responses
We classify assets to be secured and take safeguarding measures based on vulnerability and risk analyses. We also have an emergency manual for security breaches, based on the assumption that these are inevitable, and not just possible.

(2) Promoting stronger ethical and security awareness among data users
We have prepared a program tailored to Hitachi's various personnel levels and are working to raise the prevailing sense of ethics and security awareness through Group-wide e-learning. We are also conducting audits to identify and address problems early on.

[Figure: Basic Approach to Information Security Governance]

Preventing Information Leaks

We formulated the Three Principles for Preventing Leakage of Confidential Information to ensure the highest level of care for confidential information and to prevent leaks. Our policies make certain that we minimize leaks by promptly contacting customers, reporting to government agencies, investigating causes, and acting to prevent recurrences. Hitachi Group companies worldwide take the following steps to prevent information leaks: using Hitachi Hibun encryption software and security PCs that do not store data; employing Hitachi Katsubun electronic document access control and expiration processing software; maintaining ID management and access control by building an authentication infrastructure; and using e-mail and website filtering. In response to the recent spate of targeted e-mail attacks and other cyberattacks, we are participating in an initiative to share information between the private sector and the government. We are also enhancing our IT organization by adding more layers to our leak prevention procedures with both entry and exit countermeasures.

To ensure a secure exchange of information with our suppliers, we review their information security measures based on Hitachi's information security standards before allowing them access to confidential information. We have provided tools to approximately 8,800 suppliers (procurement partners) for security education and for checking business information on computers. In addition, we require them to check and remove business information from personal computers to prevent leaks. Consequently, we experienced no information leaks in fiscal 2012.

Three Principles for Preventing Leakage of Confidential Information

Principle 1
As a general principle nobody can take Confidential Information out of the Company's premises.
Principle 2
Any person taking Confidential Information out of the Company's premises due to business necessity shall obtain prior approval from the Information Assets Manager.
Principle 3
Any person taking Confidential Information out of the Company's premises due to business necessity shall put in place relevant and appropriate measures against information leakage.

Global Information Security Management

Hitachi Group companies worldwide are reinforcing information security in line with Global Information Security Administration Standards. We have set up PC security and other priority measures in coordination with colleagues in the United States, Europe, Southeast Asia, and China to protect security by using secure shared services.

Protecting Personal Information

We established a personal information protection management system based on our Personal Information Protection Policy. The roll-out of this system through e-learning courses for all employees and through periodic audits ensures the Company-wide protection and safe handling of personal information.

Privacy Mark Certification

Hitachi, Ltd. received Privacy Mark*1 certification in March 2007 (renewed for the third time in March 2013). As of March 2013, 69 Hitachi Group companies had received the Privacy Mark. In July 2007, the Odaira Memorial Tokyo Hitachi Hospital became the first corporate medical institution in Japan to become Privacy Mark certified. The Ibaraki Hospital Center (located in Japan) was also certified. These hospitals work hard to protect and carefully handle the personal information of patients and others.

Hitachi also strives to safeguard personal information globally at Group companies outside Japan based on the Personal Information Protection Policy and in keeping with all applicable laws and regulations, including social requirements.

*1 Privacy Mark: A third party certification granted to businesses approved by an assessment institution as taking appropriate security management and protection measures on personal information (granting institution: Japan Information Processing Development Corporation). Effective since April 1998.


Information Security Audits and Inspections

The Hitachi Group promotes information security based on the PDCA (plan-do-check-act) cycle of our information security management system. We conduct annual information security and personal information protection audits at all divisions.

The president appoints officers to conduct independent audits. These officers are not allowed to audit their own units, underlining our commitment to fairness and objectivity in auditing. We implemented audits at 298 domestic Hitachi Group companies, and we are in the process of confirming the results. For 517 Hitachi Group companies outside Japan, we use the Global Security Self Check to ensure Group-wide auditing and inspections. We implement Confirmation of Personal Information Protection and Information Security Management annually as a voluntary inspection of business unit workplaces. We conduct monthly Confirmation of Personal Information Protection and Information Security Management assessments at approximately 500 operations that handle important personal information. This regular control mechanism ensures effective safety management and implementation.

Education on Information Security

To consistently protect information, it is crucial for everyone to continually develop their knowledge of information handling and to remain strongly aware of the issues. For this reason, we hold annual e-learning courses on information security and personal information protection for all directors, employees, and temporary employees. At Hitachi, Ltd., nearly 100 percent of the approximately 40,000 employees take these courses. We provide specific additional training, especially for new employees and managers, and information system administrators. We have prepared a wide range of information security programs based on target and role. We also aim to prevent human error, the prime cause of information security incidents. These programs combat cybercrime by addressing issues such as risk prediction and social engineering.

Our educational programs, available to Hitachi Group companies in and outside Japan, provide Group-wide education on information security and personal information protection.