CSR – Framework and Guidelines
The President & CEO assigns a Corporate Manager for Confidential Corporate Information Management and Personal Information Protection and an Audit Manager for Personal Information Protection. The Corporate Manager assumes overall responsibility for information security, and the Corporate Secretariat for Confidential Corporate Information Management and Personal Information Protection is in charge of planning and promoting information security measures. Responsibility for the actual utilization and management of confidential corporate information and personal information lies with the general manager of each business group (Confidential Corporate Information Management and Personal Information Protection Managers) and the manager of each business site (office directors, etc.). The Business Group Secretariat and Business Office Secretariat strive to ensure information security by maintaining close coordination and regularly holding meetings with the Confidential Corporate Information Management and Personal Information Protection Secretariat.
The Audit Manager is responsible for implementing personal information protection audits and reporting their results. In the event of a leakage of confidential corporate information or personal information, or any other information security incident within the Mitsubishi Electric Group, the matter is reported to the leader through the framework, where it is promptly dealt with in compliance with relevant laws and regulations and is disclosed as necessary in a timely and appropriate manner.
Business Groups also issue instructions and guidance to overseas affiliates in the same way as they do to domestic affiliates, and strive to ensure information security in cooperation with overseas regional offices.
The Mitsubishi Electric Group learned a bitter lesson from an accident that occurred in 2010 involving a leak of personal information collected from customers. Based on this experience, it is taking every step to ensure that no leakage of confidential corporate or personal information, or any similar accident, occurs again.
To maintain and improve the information security level of the Mitsubishi Electric Group as a whole, including overseas affiliates, various inspections are conducted in line with information security systems prescribed in the Guidelines to Information Security Management Rules for Affiliated Companies.
The Mitsubishi Electric Group engages in activities for confidential corporate information management and personal information protection as ongoing improvement activities that are implemented according to the PDCA (Plan, Do, Check, Action) cycle, and employs four security measures to ensure proper management and protection of confidential corporate information and personal information from the organizational, human, physical, and technological perspectives.
Information Security Regulations and Guidelines
The Mitsubishi Electric Group has established regulations and guidelines to ensure information security with respect to four security measures, and reviews them as necessary to stay in compliance with current laws.
Information Security Inspections and Audits
The following inspections and audits are performed as part of the C (check) stage of the PDCA cycle. They focus on checking whether confidential corporate information management and personal information protection activities are being implemented properly by the Mitsubishi Electric Group as a whole, and on confirming the status of those activities so that improvements can be made.
Inspections and Audits Related to Information Security
|Self-check program on confidential corporate information management and personal information protection|Using a checklist, each Mitsubishi Electric Group company performs a self-inspection of its activities for information security.|
|Cross-check program on confidential corporate information management and personal information protection|Mitsubishi Electric's business sites mutually check each other's status of information security management. The status of information security in affiliated companies is checked by Mitsubishi Electric.|
|Personal information protection audits (Personal information protection management system audits)|In Mitsubishi Electric, the status of personal information protection is internally audited under the supervision of the Audit Manager for Personal Information Protection. In affiliated companies in Japan that have acquired the Privacy Mark certification, the same internal audit is conducted by the audit manager in each company.|