- Our Businesses
- Solution Linkage
- Used Equipment
- Job Reports
- About us
- Investor Relations
- Environment / CSR
- Global Network
Hitachi Construction Machinery’s information security administrator is appointed by the company’s president and has the authority and responsibility to implement and operate an Information Security Management System (ISMS).
The Information Security Committee, chaired by the information security administrator determines policies and procedures for information security and personal information protection. The Information Security Committee conveys decisions internally and to other companies in the HCM Group. Information security officers at business sites and companies ensure that these decisions are implemented in the workplace.
The HCM Group emphasizes two points in information security and personal information protection:
Information assets to be protected
Consistently maintaining level of information security requires all parties to continually develop their knowledge of information handling and to remain strongly aware of the issues. For this reason, we hold annual e-learning programs on information security and personal information protection for all directors, employees, and temporary employees.
We offer a variety of courses that are tailored to different target audiences, including new employees, new managers, and information system administrators. In 2014, we also began simulation training to educate employees about the increasing trend toward malicious targeted e-mail attacks and other cyberattacks. Employees are sent examples of targeted e-mail to heighten their awareness of security through direct experience.
Our educational programs, available to HCM Group companies in Japan and other global regions, provide Group-wide education on information security and personal information protection. In FY2019 and beyond, we plan to expand our e-learning materials in response to requests from employees and also look to continue the implementation of our various training programs.
Hitachi Construction Machinery Co., Ltd. has formulated the Three Principles for Preventing Leakage of Confidential Information to ensure the highest level of care for such information and to prevent leaks and other related incidents. Our policies ensure that if an incident does occur, damage is promptly minimized by contacting customers, reporting to Hitachi, Ltd., investigating causes, and acting to prevent any recurrence.
We take the following IT steps to prevent information leaks: using encryption software and secure PCs; employing electronic document access control; maintaining ID management and access control by building an authentication infrastructure; and filtering e-mail and visited websites. In response to the recent spate of targeted e-mail attacks and other cyberattacks, we are also enhancing our IT organization by adding more layers to our leak prevention procedures, including both entry and exit countermeasures.
To ensure the secure exchange of information with our suppliers, we review their information security measures based on HCM’s own standards before allowing them access to confidential information. We have provided tools to suppliers (procurement partners) for security education and for checking business information on computers. In addition, we require suppliers to check and remove business information from personal computers to prevent leaks.
Three Principles for Preventing Leakage of Confidential Information
Principle 1 As a general principle nobody can take Confidential Information out of the Company’s premises.
Principle 2 Any person taking Confidential Information out of the Company’s premises due to business necessity shall obtain prior approval from the Information Assets Manager.
Principle 3 Any person taking Confidential Information out of the Company’s premises due to business necessity shall put in place relevant and appropriate measures against information leakage.
HCM Group companies worldwide reinforce their information security in line with our Global Information Security Administration Rules, which conform to the international ISO/IEC 27001 standard. These rules are distributed from the parent company in Japan to Group companies around the world. Other security measures include secure shared services and support from Hitachi, Ltd.’s regional headquarters in the Americas, Europe, Southeast Asia, China, and India.
The HCM Group has developed its approach to security based on the “plan-do-check-act” (PDCA) cycle for Hitachi, Ltd.’s information security management system. We conduct annual information security and personal information protection audits at our Group companies and business units.
For HCM Group companies outside Japan, we use a “common global self-check” approach to ensure Group-wide auditing and inspections. We implement Confirmation of Personal Information Protection and Information Security Management annually for the voluntary inspection of business unit workplaces.