The President & CEO assigns a Corporate Manager for Confidential Corporate Information Management and Personal Information Protection (hereafter Corporate Manager), who assumes overall responsibility for confidential corporate information management, and an Audit Manager for Personal Information Protection, who is responsible for implementing and reporting the results of personal information audits. The Corporate Manager assumes overall responsibility for information security, and the Corporate Secretariat for Confidential Corporate Information Management and Personal Information Protection (hereafter Corporate Secretariat) under the Corporate Manager is in charge of planning and promoting information security measures. Responsibility for the actual utilization and management of confidential corporate information and personal information lies with the General Manager of each business group (the Confidential Corporate Information Management and Personal Information Protection Manager) and the manager of each business site (office directors, etc.). The Business Group Secretariats and Business Office Secretariats, under the General Manager of each business group and the manager of each business site, strive to ensure information security by maintaining close coordination and regularly holding meetings with the Corporate Secretariat.
If an incident occurs, reports and instructions are given in keeping with this framework, and appropriate responses are taken to prevent secondary damage.
Business groups and offices (offices, branches, works [production plants]) issue instructions and guidance on information security to affiliates in and outside Japan. Paying special attention to the circumstances and special characteristics of overseas affiliates, the Corporate Secretariat places overseas regional representative managers at sites in the Americas, Europe, China, and other Asian countries and coordinates with them to ensure information security.
Framework (Mitsubishi Electric Group)
To maintain and improve the information security level of the Mitsubishi Electric Group as a whole, including overseas affiliates, various inspections are conducted as appropriate for each information security system, as prescribed in the Guidelines to Information Security Management Rules for Affiliated Companies.
The Mitsubishi Electric Group practices confidential corporate information management and personal information protection utilizing a continuous improvement approach implemented using the Plan, Do, Check, Act (PDCA) cycle, and employs four security measures to ensure proper management and protection of confidential corporate information and personal information from the organizational, human, physical, and technological perspectives.
PDCA cycle to ensure information security
Four security measures
Committed to living up to its Declaration of Confidential Corporate Information Security Management and Personal Information Protection Policy, Mitsubishi Electric Corporation has established information security regulations and guidelines alongside the four security measures, and reviews them as necessary to stay in compliance with current laws. In addition, we have similar rules for personal information protection and for affiliates.
|Security measures|Organizational security measures: Regulations on confidential corporate information security management|
| |Human security measures: Regulations on the work of employees|
| |Physical security measures: Physical security guidelines|
| |Technological security measures: Regulations on information security management|
The Mitsubishi Electric Group performs the following inspections as part of the C (Check) stage of the PDCA cycle at head office management departments, business groups and offices, and affiliates. These inspections focus on checking whether confidential corporate information management and personal information protection activities are being implemented properly by the Mitsubishi Electric Group as a whole, and on confirming the status of those activities. The Group reviews measures based on the results, and this leads to the A (Act) stage of the PDCA cycle.
These inspections are set down in the Confidential Corporate Information Management Regulations, which cover Mitsubishi Electric Corporation, and in the Guidelines for Information Security Management Regulations, which cover affiliates in and outside Japan.
|Self-check|Self-check program for confidential corporate information management and personal information protection|Using a checklist, each Mitsubishi Electric Group company performs a self-inspection of its activities for information security.|
|Third-party check|Third-party check program for confidential corporate information management and personal information protection|Mitsubishi Electric’s business sites mutually check each other’s status of information security management. Mitsubishi Electric checks the status of information security at affiliated companies.|
| |Personal information protection audits (Personal information protection management system audits)|In Mitsubishi Electric, the status of personal information protection is internally audited under the supervision of the Audit Manager for Personal Information Protection. In affiliated companies in Japan that have been granted the right to use the "PrivacyMark," the same internal audit is conducted by the audit manager in each company.|