The Yokogawa Group works together with customers to provide them with solutions. To protect important information entrusted to us by our stakeholders, we implement information security measures to address three aspects: people, equipment, and information technology (IT).
Awareness of each one of employees is important to protect information. Yokogawa provides training using e-learning to all its employees every year to share recognition of information security and update their knowledge so that they can come up with an idea of how to use the information they got and take appropriate action. As a more practical approach, lecture meetings on information security are held with experts invited as lecturers, education and training on responses to targeted attacks are provided, and education using cases of work is provided to line managers. Whether the results of these activities are reflected on daily information security activities is checked through information security audit.
Information security is also required to be "clear." We have clarified the areas that each of the employees and visitors can enter. When a visitor enters other areas than the guest area, the visitor must wear a premise entry card. The office area is locked for 24 hours by access control, which will protect the property and information assets on the premises of the head office. Moreover, we have introduced the MPS (Managed Print Service) so that "those who require information can access the required one." This allows only the required one to be printed when personal authentication passes, preventing the printed matter from being left behind or mixed with others.
When we implement information security measures, "people" is more important than anything. We utilize the IT to protect against human error such as "leakage by mistake" and "misuse due to ignorance," and also adopt the concept of multi-layering to prepare against cyber-attacks from the outside.
Security Management of Yokogawa
Yokogawa formulates a personal information protection policy and rules that its group companies should follow for proper management and use of the personal information they have received from customers. In addition, Yokogawa is making efforts to reduce risks, in response to personal information protection requirements that differ depending on the country.
In fiscal 2017, no complaint was filed about Yokogawa’s system that aggregates reports from the group companies regarding breaches of customers’ privacy and loss of customer data.
Yokogawa group is promoting security activities based on the concept of ISO27001 and has policies and measures notified from an information security supervisor and manager to each business department, division, and affiliated companies. The secretariat grasps whether operations are performed in line with rules and takes necessary improvement measures.
As an organization that promotes information security on each line, Yokogawa sets up an information security system at each of its departments, divisions, and related companies, to serve as key to smooth information security promotion activities and thereby turn a PDCA cycle.
Information security organization of Yokogawa Electric Corporation
In addition, Yokogawa also created an information security committee so that responses to cyberattacks will be improved and that customers can continue their business activities safely and securely. This committee comprises cybersecurity experts in each field and is trying to share information and grasp the latest trend, going beyond the boundaries of organizations.
Information Security Committee