Information Security

Basic policy

Confidential materials shall mean any and all information, products and facilities that may cause a disadvantage to the Company or benefit a third party if made known to the public or if leaked out, and the use and disclosure of which is controlled by people in charge of confidentiality management, who are designated under the information security promotion system. Confidential materials also include other companies' confidential materials obtained by fair means.

Information security guidelines

Aichi Steel, for security controls and to prevent leakages of personal information, has established rules regarding the procedures for handling documents and data, sending and receipt of email, and management standards and procedures for computers and peripheral devices.

Examples of rules

  • Document control rules
  • Information security control rules
  • Information disclosure rules
  • Private information protection rules, etc.

We carefully handle and strictly control any information held by the Company or by any Group company, and any information obtained from our customers, suppliers or employees, etc., in accordance with our internal rules.

Information security promotion system

Management system and roles of each department

Information security

Recognizing the importance of information security management, and in compliance with the All Toyota Security Guidelines (ATSG), we have established internal structures, provided employees with information and education on rules and regulations, and conduct inspections and so on.

The Risk Management Department conducts (and is strengthening) security inspections to ensure that there are no issues with external email, that employees do not carelessly take internal information outside the office, or that USB memory, cameras, and other devices are handled properly. We have applied the All Toyota Security Guidelines (ATSG) at all group companies, and are enhancing information security across the entire Aichi Steel Group.

Information audit results

Auditing
of e-mails
Cases detected:
22
Failure to set a password for a file
Inclusion of a password in an e-mail message
E-mailing to a terminal unit for private use
Baggage
inspection
May: Three
October: Two
Incomplete permit application

Information security awareness and education

Through our CSR meetings, management receives updates on current Group information security management levels, as well as issues and ongoing efforts, ensuring a common awareness of information security as a management issue.

For employees, a check is conducted using an "information security checklist" for every employee using a personal computer in their day-to-day work, regarding handling of information devices and various related rules. Based on those results, staff responsible for education in each department, along with department heads, provide individual instruction.

We also present public incidents of information leaks in a news format, and issue company-wide alerts when a computer virus or other malicious program is discovered in the Company, in order to raise awareness of security controls.