Go
Corporate Information Brother's CSR Environment Investor Information News

Global Brother > Brother's CSR > Brother Group's CSR > Information Security


Brother Group's CSR

Information Security

To Properly Manage and Protect Information

Conducting periodic audits and risk assessments in accordance with the Information Security Regulation

Brother Industries considers the proper management and protection of information as the foundation of maintaining management quality. For this reason, the Information Security Regulation and the Information Management Committee have been put in place, and all activities are conducted in compliance with the information security management system (ISMS). The Information Security Regulation sets four confidentiality levels for handling in-house information, and defines rules for storing, accessing, and disposing of information. Staff in charge of information management at respective departments are fully informed of the company policy to ensure that rules are observed throughout the company. Internal audits are also conducted twice a year to check compliance.

In terms of information risk assessments*, the Commitment Declaration (a compilation of risk management plans for managing information risks identified by respective departments) has been approved by the Information Management Committee to facilitate risk management.

  • *: Risk assessment: To assess risks to information assets based on the frequency of, vulnerability to, or impact of the threat, etc.
Four information management levels based on confidentiality
Four information management levels based on confidentiality

Promoting Measures to Upgrade Information Risk Management

Standardizing and upgrading assessments

In FY 2009, Brother Industries, Ltd. (BIL) started to conduct information risk assessments on major business processes in respective departments. In FY 2010, to standardize and upgrade these assessments, BIL ran an education program on how to conduct assessments for staff in charge of information management, selected from respective departments. A system for conducting assessments led by the staff in charge of information management was set up in the departments, and efforts were made to motivate business staff to identify risks and take countermeasures. There is also an on-going education program for staff in charge of information management to ensure their roles and information management-related activities in their departments are fulfilled, and that they acquire the knowledge they need to answer inquiries.

In FY 2011, BIL will enhance the PDCA cycle by continuing with existing activities and introducing a system for evaluating the effectiveness of risk measures. Similar activities will be carried out at subsidiaries in Japan and manufacturing subsidiaries in Asia.

To the top on this page