Information security is one of the most important issues for any company that wants to effectively utilize all the types of information in its possession. Konica Minolta treats information as a valuable asset, and is working to ensure information security. It does this by practicing proper information management to address risks such as loss, leakage, or destruction of data, while carrying out continual improvements.
Promoting Information Security
Under the leadership of the President and CEO as well as the officer in charge of the IT planning and management organization, Konica Minolta has established a Group-wide information security management system and is promoting a higher level of IT security and continual improvements at Group companies worldwide.
In order to ensure the security (confidentiality, integrity, and availability) of controlled information, including not only information handled using information technology, but also information on paper and information about services and personnel, all Group companies in Japan have continuously maintained ISO 27001 certification, which is the international standard for information security management, since fiscal 2009. In addition, information security risk assessments are conducted once a year and a risk response plan is formulated. At quarterly meetings of information security promoters, incident summaries are reported to the Information Security Control Officer and instructions for necessary responses are issued. In this way, the PDCA cycle is followed.
Furthermore, measures to prevent unauthorized use and information leakage are implemented through the enactment and operation of rules relating to the management of confidential information and the establishment of systems for restricting and monitoring access to confidential information and its removal off-site. Also, education on the protection of personal information and information security is given at least once a year to all employees, including non-regular employees, of Group companies in Japan.
Outside Japan as well, Group companies work to obtain ISO 27001 certification. Also, all Group companies outside Japan are required to provide all employees with education on information security at least once a year.
With respect to cyber attacks, which have been on the rise in recent years, the Group operates the necessary systems and has a Computer Security Incident Response Team (CSIRT), maintaining awareness of the importance of cyber security risks and initiatives at the management level, based on the Cybersecurity Management Guidelines formulated by Japan's Ministry of Economy, Trade and Industry.
Finally, Konica Minolta is putting in place IT security controls, which are a part of the IT controls required under the Financial Instruments and Exchange Act (Japanese Sarbanes-Oxley Act), while ensuring compatibility within the Group.
Protecting Personal Information
Konica Minolta takes full precautions to protect the personal information of customers.
In the event that a leakage of information, including personal information held by Konica Minolta, Inc., is confirmed or is likely to have occurred, an event/incident report would be made under the information security management system. The company would immediately check the facts and degree of impact and submit a report to the Personal Information Protection Control Committees and other committees in each country. In fiscal 2017, there were no problems with leaks, thefts or losses of personal information.