The NEC Group positions the assurance of information security as an important management priority, and protects the information assets entrusted to us by our customers and business partners as well as our own information assets from cyber attacks and other threats. Furthermore, by providing secure products, systems, and services, we create the social values of safety, security, fairness, and efficiency, and contribute to the realization of a more sustainable society where everyone has the chance to reach their full potential.
Recognition as a management priority
- The NEC Group recognizes that ensuring information security is one of the most important management issues, and positions investment in this area as an essential responsibility of corporate management. Our top management identifies risks, sets information security goals based on these risks, allocates the necessary management resources, monitors status of these efforts and achievement status of initiatives, and continually improves overall information security across the Group.
- The NEC Group complies with the laws and regulations as well as the national guidelines, the social standards and norms related to information security.
Formulation of management policies and declaration of intention
- The NEC Group discloses information security initiatives through our annual Information Security Report and other means.
- If an incident security problem should occur, we respond immediately based on our business continuity plan to minimize the damage to the minimum, while locating the root cause to prevent the recurrence.
Establishment of internal and external systems and implementation of measures
- Our Chief Information Security Officer (CISO) oversees the Group-wide information security strategy, which is supervised by the Board of Directors of NEC Corporation. In addition, Computer Security Incident Response Teams (CSIRTs) responsible for responding to security incidents have been established under the CISO.
- The NEC Group establishes and implements internal regulations in accordance with this Statement, while making efforts to maintain our information security management framework and to protect information assets under our control appropriately.
- The NEC Group implements appropriate human, physical, technological, and organizational security controls to protect its information assets from unauthorized access, leakage, alternation, theft/loss, destruction, obstruction of use, or any other threats.
- The NEC Group seeks to solve social issues by actively recruiting talent with advanced knowledge of information security and creating opportunities for them to play an active role. We are also committed to promoting better awareness and providing education for all our officers and employees according to their job categories.
- The NEC Group makes efforts to improve the information security level of the entire supply chain by promoting information security measures in cooperation with business partners.
Provision of secure products, systems, and services
- The NEC Group makes efforts to ensure information security and privacy in all stages of the customer's business by implementing secure design and operation for the products, systems, and services we provide to our customers and to society.
Contributing to the establishment of a safe and secure ecosystem
- The NEC Group participates in information sharing initiatives with information security-related organizations inside and outside Japan and actively provides information to help strengthen the level of information security of society as a whole.
Established: 1 April 2004
Revised: 12 May 2021