Policy on Information Protection
ROHM Group has defined its policy on information security and works to implement thorough management. This management covers confidential information about ROHM Group obtained during business activities, third-party confidential information obtained from trading partners or customers, information affecting the privacy of related parties, and personal information.
ROHM Group Information Security Policy
- Effective data protection measures are taken against the divulging of information.
- Systems and networks that enable business continuity under all situations are secured.
- All employees should strive to prevent security accidents such as the divulging of information.
Other efforts for the personal information of customers are conducted in accordance with the "Act on the Protection of Personal Information" and the "METI Guidelines on the Protection of Personal Information" and include the clarification of the purpose of use, appropriate acquisition and safe and strict management.
Promotion and Management System
Through the Information Systems Division at the Head Office, ROHM Group has established a management system for information security throughout the Group and continues its efforts to further improve the security level. The Information Systems Division acquired "ISO/IEC 27001" certification for information security management systems in 2013. The systems are operated to promote the appropriate management of information, including the prevention of leaks of confidential information such as critical business data and the elimination of improper use of that information. ROHM uses measures and systems such as these to reduce business risks for its stakeholders.
Information Security Initiatives
Proper management of information about customers and business partners, as well as information held by ROHM Group, is essential for providing better products and services to society and for reliable corporate management.
ROHM Group is promoting information security measures through the following continuous efforts. In the unlikely event of an accident, we will immediately investigate the cause and take appropriate measures including recurrence prevention measures.
Enforcement of IT Asset Management
ROHM strictly manages its IT assets by centralizing the purchase and disposal of IT assets (storage media such as PC terminals, software, USB, and internal communication devices), monitoring usage with an IT asset management tool, and taking monthly inventories. Through these efforts, we prevent and manage compliance and security risks such as illegal use of IT assets, cyber attacks, and security breaches.
※Kitting: Various settings and software installation to make the PC usable for business
Security Measures on the Device Side
We have implemented anti-virus and Windows vulnerability countermeasures for PCs and other devices used by employees. Furthermore, we have been building and maintaining an environment in which information leakage does not occur in case of loss, by introducing a mechanism that can initialize the personal computer by multi-factor authentication and remote operation.
Education and Training
Many of the causes of information leakage are erroneous operations, mismanagement of devices and information, and lack of awareness of information security, all of which correspond to human error.
In order to prevent and reduce the security risk caused by human error, ROHM continually conducts training and education for employees to improve security literacy.
| Education/Training | Theme/Purpose | Year | Target | Number Trained (persons) | Trained Rate (%) |
|---|---|---|---|---|---|
| E-learning for targeted attack email | Boosting each employee's security awareness to prevent attacks that target people, which cannot be prevented through system-based measures alone | FY2018 | All employees | 2,808 | 83% |
| Online information security training | Increasing security awareness through a renewed awareness of the risk of confidential information leakage | | Employees using notebook PCs | 1,094 | 92% |
| Online information security training | Education on the rules regarding leakage of confidential information and specific precautions when using and managing notebook PCs, to reaffirm the importance of information security for employees as the remote environment expands | FY2019 | Employees using notebook PCs | 1,465 | 92% |