Hitachi Construction Machinery


Information Security and Protection of Personal Information

Implementing Rigorous Information Security

Hitachi Construction Machinery’s information security administrator is appointed by the company’s president and has the authority and responsibility to implement and operate an Information Security Management System (ISMS).

The Information Security Committee, chaired by the information security administrator determines policies and procedures for information security and personal information protection. The Information Security Committee conveys decisions internally and to other companies in the HCM Group. Information security officers at business sites and companies ensure that these decisions are implemented in the workplace.

The HCM Group emphasizes two points in information security and personal information protection:

    1. Prompt security responses
      We classify assets and take safeguarding measures based on vulnerability and risk analyses. We also have an emergency manual for security breaches, based on the assumption that these are inevitable, and not just possible.
    2. Promoting stronger ethical and security awareness among data users
      We have prepared a program tailored to Hitachi’s various personnel levels and are working to raise the prevailing sense of ethics and security awareness through Group-wide e-learning. We are also conducting self-audits to identify and address problems early on.

Basic Approach to Information Security Governance

Information assets to be protected

  1. Clearly designate assets to be protected
    • Evaluate information assets and conduct risk analysis
  2. Improve user literacy
    • Supply security education materials
    • Educate managers and staff
  3. Implement preventive techniques
    • Widely implement administrative measures
    • Deploy technological processes
  4. Establish information security system
    • Develop rules (security policy)
    • Create managerial framework
    • Establish audit and follow-up system
    • Ensure solid feedback through extensive PDCA cycles for prevention and accident response

Education on Information Security

Consistently maintaining level of information security requires all parties to continually develop their knowledge of information handling and to remain strongly aware of the issues. For this reason, we hold annual e-learning programs on information security and personal information protection for all directors, employees, and temporary employees.

We offer a variety of courses that are tailored to different target audiences, including new employees, new managers, and information system administrators. In 2014, we also began simulation training to educate employees about the increasing trend toward malicious targeted e-mail attacks and other cyberattacks. Employees are sent examples of targeted e-mail to heighten their awareness of security through direct experience.

Our educational programs, available to HCM Group companies in Japan and other global regions, provide Group-wide education on information security and personal information protection. In FY2020 and beyond, we plan to expand our e-learning materials in response to requests from employees and also look to continue the implementation of our various training programs.

Preventing Information Leaks

Hitachi Construction Machinery Co., Ltd. has formulated the Three Principles for Preventing Leakage of Confidential Information to ensure the highest level of care for such information and to prevent leaks and other related incidents. Our policies ensure that if an incident does occur, damage is promptly minimized by contacting customers, reporting to Hitachi, Ltd., investigating causes, and acting to prevent any recurrence.

We take the following IT steps to prevent information leaks: using encryption software and secure PCs; employing electronic document access control; maintaining ID management and access control by building an authentication infrastructure; and filtering e-mail and visited websites. In response to the recent spate of targeted e-mail attacks and other cyberattacks, we are also enhancing our IT organization by adding more layers to our leak prevention procedures, including both entry and exit countermeasures.

To ensure the secure exchange of information with our suppliers, we review their information security measures based on HCM’s own standards before allowing them access to confidential information. We have provided tools to suppliers (procurement partners) for security education and for checking business information on computers. In addition, we require suppliers to check and remove business information from personal computers to prevent leaks.

Three Principles for Preventing Leakage of Confidential Information

Principle 1  As a general principle nobody can take Confidential Information out of the Company’s premises.
Principle 2  Any person taking Confidential Information out of the Company’s premises due to business necessity shall obtain prior approval from the Information Assets Manager.
Principle 3  Any person taking Confidential Information out of the Company’s premises due to business necessity shall put in place relevant and appropriate measures against information leakage.

Global Information Security Management

HCM Group companies worldwide reinforce their information security in line with our Global Information Security Administration Rules, which conform to the international ISO/IEC 27001 standard. These rules are distributed from the parent company in Japan to Group companies around the world. Other security measures include secure shared services and support from Hitachi, Ltd.’s regional headquarters in the Americas, Europe, Southeast Asia, China, and India.

Thorough Information Security Audits and Inspections

The HCM Group has developed its approach to security based on the “plan-do-check-act” (PDCA) cycle for Hitachi, Ltd.’s information security management system. We conduct annual information security and personal information protection audits at our Group companies and business units.

For HCM Group companies outside Japan, we use a “common global self-check” approach to ensure Group-wide auditing and inspections. We implement Confirmation of Personal Information Protection and Information Security Management annually for the voluntary inspection of business unit workplaces.

Information Security Business Continuity Plan (IT-BCP)

Preparing for future cyber attacks and damages caused by natural disasters which have been increasing in recent years, we at HCM have been developing Information Security Business Continuity Plan (IT-BCP). In order to minimize the possible harm caused by disasters, we have been working on integration of core systems and migration to virtual servers or the cloud. Furthermore, we design the operation to allow us to restore the systems within a predefined timeframe and conduct a system-recovery-drill one a year, in case of cyber attacks and disasters.

Also, aiming at enhancing resilience of our information systems against cyber attacks, we have been supporting initiatives such as server enhancement and separation of factory networks. In FY 2021, we are planning to implement a solution which can detect and isolate viruses by their behaviors to all group companies in Japan as well as overseas.

This website uses cookies

By visiting our website, you consent to our and third party use of cookies. Read more about cookies in our privacy policy.