Policy on Information Protection
The ROHM Group has defined its policy on information security and works to implement thorough management. This management covers confidential information about the ROHM Group obtained during business activities, third-party confidential information obtained from trading partners or customers, information affecting the privacy of related parties, and personal information.
ROHM Group Information Security Policy
- Effective data protection measures are taken against the divulging of information.
- Systems and networks that enable business continuity under all circumstances are secured.
- All employees should strive to prevent security incidents such as the divulging of information.
Other efforts concerning customers' personal information are conducted in accordance with the "Act on the Protection of Personal Information" and the "METI Guidelines on the Protection of Personal Information" and include clarifying the purpose of use, appropriate acquisition, and safe and strict management.
Promotion and Management System
Through the Strategic Information Systems Division at the Head Office, the ROHM Group has established a management system for information security throughout the Group and continues working to raise the security level further. The Strategic Information Systems Division acquired "ISO/IEC 27001" certification for information security management systems in 2013. The systems are operated to promote the appropriate management of information, including the prevention of leaks of confidential information such as critical business data and the elimination of improper use of that information. ROHM uses measures and systems such as these to reduce business risks for its stakeholders.
Education and Training
To appropriately protect information such as confidential information obtained from customers under contract, we work on the basis of various policies, such as the information security policy, to build mechanisms that prevent security incidents and to raise employee awareness.
Information security training includes training for new employees and for different employee levels, as well as online information security training implemented continually for all employees. Course participation status and level of understanding are made visible so that appropriate feedback can be given to course participants. Moreover, in 2018, we implemented a new training program on how to respond to targeted attack emails, to effectively raise information security awareness among all employees.

| Education/Training | Theme/Purpose | Target | Number Trained (persons) | Trained Rate (%) |
|---|---|---|---|---|
| Online information security training | Increasing security awareness through a renewed awareness of the risk of confidential information leakage | Employees using notebook PCs | 1,094 | 92% |
| E-learning for targeted attack email (*1) | Boosting each employee's security awareness to prevent attacks that target people, which cannot be prevented through system-based measures alone | All employees | 2,808 | 83% |

*1: Conducted in June and September 2018.
Enforcement of IT Asset Management
ROHM strictly manages its IT assets by centralizing the purchase and disposal of IT assets (PC terminals and software), monitoring usage with an IT asset management tool, and taking monthly inventories.