Our approach to information security

Framework and Guidelines

In April 2020, a new "Corporate Information Security Division" was established under the direct control of the president, to oversee all the Group's information security management. It has integrated three functions that were previously separate: management of confidential corporate information and personal data protection, information system security, and product security.

The Executive Officer in charge of Information Security is responsible for the Group's overall information security management. Under this officer's direction, the Corporate Information Security Division is in charge of planning and implementing the Group's information security management structure and rules as well as activities to ensure the security of information systems. The Division is striving to ensure information security by working closely with each business group and site, which are the organizations that actually utilize and manage the data and systems.

In the event an incident were to occur, reports and instructions would be given in keeping with this framework and appropriate responses would be taken to prevent secondary damage.

Business groups and offices (offices, branches, works [production plants]) issue instructions and guidance on information security to affiliates in and outside Japan. Paying special attention to the circumstances and special characteristics of overseas affiliates, the Corporate Information Security Division places overseas regional representative managers at sites in the Americas, Europe, China, and other Asian countries and coordinates with them to ensure information security.

Framework (Mitsubishi Electric Group)

*1 CSIRT: Computer Security Incident Response Team
*2 PSIRT: Product Security Incident Response Team

Global Activities

To maintain and improve the information security level of the Mitsubishi Electric Group as a whole, including overseas affiliates, various inspections are conducted as appropriate for each information security system, as prescribed in the Guidelines to Information Security Management Rules for Affiliated Companies.

Management Principles

The Mitsubishi Electric Group practices confidential corporate information management and personal information protection utilizing a continuous improvement approach implemented using the Plan, Do, Check, Act (PDCA) cycle, and employs four security measures to ensure proper management and protection of confidential corporate information and personal information from the organizational, human, physical, and technological perspectives.

PDCA cycle to ensure information security

Four security measures

Information Security Regulations and Guidelines

Committed to living up to its Declaration of Confidential Corporate Information Security Management and Personal Information Protection Policy, Mitsubishi Electric Corporation has established information security regulations and guidelines alongside the four security measures, and reviews them as necessary to stay in compliance with current laws. In addition, we have similar rules for personal information protection and affiliates.

| Item | | Basic regulations |
|---|---|---|
| Security measures | Organizational security measures | Regulations on confidential corporate information security management |
| | Human security measures | Regulations on the work of employees |
| | Physical security measures | Physical security guidelines |
| | Technological security measures | Regulations on information security management |

Information Security Inspections

The Mitsubishi Electric Group performs the following inspections as part of the C (Check) stage of the PDCA cycle at head office management departments, business groups and offices, and affiliates. These inspections focus on checking whether confidential corporate information management and personal information protection activities are being implemented properly by the Mitsubishi Electric Group as a whole, and on confirming the status of those activities. The Group reviews measures based on the results, and this leads to the A (Act) stage of the PDCA cycle.

These inspections are set down in the Confidential Corporate Information Management Regulations, which cover Mitsubishi Electric Corporation, and in the Guidelines for Information Security Management Regulations, which cover affiliates in and outside Japan.

Inspections related to information security
| Item | | Content |
|---|---|---|
| Self-check | Self-check program for confidential corporate information management and personal information protection | Using a checklist, each Mitsubishi Electric Group company performs a self-inspection of its activities for information security. |
| Third-party check | Third-party check program for confidential corporate information management and personal information protection | Mitsubishi Electric’s business sites mutually check each other’s status of information security management. Mitsubishi Electric checks the status of information security at affiliated companies. |
| | Personal information protection audits (Personal information protection management system audits) | At Mitsubishi Electric, the status of personal information protection is internally audited under the supervision of the Audit Manager for Personal Information Protection, who is appointed by the President & CEO of Mitsubishi Electric. In affiliated companies in Japan that have been granted the right to use the "PrivacyMark," the same internal audit is conducted by the audit manager at each company. |