Our approach to information security

Framework and Guidelines

The President & CEO assigns a Corporate Manager for Confidential Corporate Information Management and Personal Information Protection (hereafter Corporate Manager), who assumes overall responsibility for confidential corporate information management, and an Audit Manager for Personal Information Protection, who is responsible for implementing and reporting the results of personal information audits. The Corporate Manager assumes overall responsibility for information security, and the Corporate Secretariat for Confidential Corporate Information Management and Personal Information Protection (hereafter Corporate Secretariat) under the Corporate Manager is in charge of planning and promoting information security measures. Responsibility for the actual utilization and management of confidential corporate information and personal information lies with the General Manager of each business group (the Confidential Corporate Information Management and Personal Information Protection Manager) and the manager of each business site (office directors, etc.). The Business Group Secretariats and Business Office Secretariats, under the General Manager of each business group and the manager of each business site, strive to ensure information security by maintaining close coordination and regularly holding meetings with the Corporate Secretariat.
If an incident occurs, reports and instructions are given in keeping with this framework, and appropriate responses are taken to prevent secondary damage.

Business groups and offices (offices, branches, works [production plants]) issue instructions and guidance on information security to affiliates in and outside Japan. Paying special attention to the circumstances and special characteristics of overseas affiliates, the Corporate Secretariat places overseas regional representative managers at sites in the Americas, Europe, China, and other Asian countries and coordinates with them to ensure information security.

[Figure: Framework (Mitsubishi Electric Group)]

Global Activities

To maintain and improve the information security level of the Mitsubishi Electric Group as a whole, including overseas affiliates, various inspections are conducted as appropriate for each information security system, as prescribed in the Guidelines to Information Security Management Rules for Affiliated Companies.

Management Principles

The Mitsubishi Electric Group practices confidential corporate information management and personal information protection utilizing a continuous improvement approach implemented using the Plan, Do, Check, Act (PDCA) cycle, and employs four security measures to ensure proper management and protection of confidential corporate information and personal information from the organizational, human, physical, and technological perspectives.

[Figure: PDCA cycle to ensure information security]

[Figure: Four security measures]

Information Security Regulations and Guidelines

Committed to living up to its Declaration of Confidential Corporate Information Security Management and Personal Information Protection Policy, Mitsubishi Electric Corporation has established information security regulations and guidelines alongside the four security measures, and reviews them as necessary to stay in compliance with current laws. In addition, we have similar rules for personal information protection and affiliates.

Item: Security measures
Basic regulations:
Organizational security measures: Regulations on confidential corporate information security management
Human security measures: Regulations on the work of employees
Physical security measures: Physical security guidelines
Technological security measures: Regulations on information security management

Information Security Inspections

The Mitsubishi Electric Group performs the following inspections as part of the C (Check) stage of the PDCA cycle at head office management departments, business groups and offices, and affiliates. These inspections focus on checking whether confidential corporate information management and personal information protection activities are being implemented properly by the Mitsubishi Electric Group as a whole, and on confirming the status of those activities. The Group reviews measures based on the results, and this leads to the A (Act) stage of the PDCA cycle.

These inspections are set down in the Confidential Corporate Information Management Regulations, which cover Mitsubishi Electric Corporation, and in the Guidelines for Information Security Management Regulations, which cover affiliates in and outside Japan.

Inspections related to information security

Name: Self-check (Self-check program for confidential corporate information management and personal information protection)
Content: Using a checklist, each Mitsubishi Electric Group company performs a self-inspection of its activities for information security.

Name: Third-party check (Third-party check program for confidential corporate information management and personal information protection)
Content: Mitsubishi Electric’s business sites mutually check each other’s status of information security management. Mitsubishi Electric checks the status of information security at affiliated companies.

Name: Personal information protection audits (Personal information protection management system audits)
Content: In Mitsubishi Electric, the status of personal information protection is internally audited under the supervision of the Audit Manager for Personal Information Protection. In affiliated companies in Japan that have been granted the right to use the "PrivacyMark," the same internal audit is conducted by the audit manager in each company.