Please note that JavaScript and style sheet are used in this website,
Due to unadaptability of the style sheet with the browser used in your computer, pages may not look as original.
Even in such a case, however, the contents can be used safely.
- Top Message
- CSR Management
- Corporate Governance
- NEC's Seven CSR Initiatives
- CSR Activity report
- Stakeholder Engagement
- Consistency With International Initiatives
- External Ratings and Evaluation
- Information Security Report
- CSR Archives
- Topics
- Editorial Policy
- Site Map
Information Security
Objectives and Achievements
Objectives for the Medium Term (From Fiscal 2011 to Fiscal 2013) and Fiscal 2013, Achievements and Progress, and Degree of Completion
(Degree of completion: achieved/mostly achieved/some progress/no progress)
| Medium-Term Objective | Implement comprehensive security measures from the standpoint of management, systems and human resources development. Protect information assets entrusted to NEC by customers and suppliers as well as NEC’s own information assets. As a provider of IT products, services and solutions, deliver even more secure and reliable products, services and solutions to customers. |
|---|---|
| Fiscal 2013 Objective 1 | Develop global information security infrastructure
|
| Achievements and Progress |
A management platform that enables the visualization of the information security status of PCs (including application of security patches, malware countermeasures and PC encryption, etc.) at overseas subsidiaries was used to achieve visualization of the status of information security measures for PCs in Hong Kong, Taiwan and the Asia-Pacific. |
| Degree of Completion | Achieved |
| Fiscal 2013 Objective 2 | Develop external secure environments utilizing the latest IT
|
| Achievements and Progress |
Thin client terminals were provided in Windows 7, Linux and proprietary versions, and were used according to application. The Windows version terminal offers the broadest scope of general application, with almost 18,000 of these terminals currently in operation. |
| Degree of Completion | Achieved |
| Fiscal 2013 Objective 3 | Implement secure development and operation Expand secure development and operation implementation standards and enable visualization of implementation status Promote the inclusion of secure development and operation standards in standards within the organization Conduct regular assessments of secure development and operation status |
| Achievements and Progress |
Inclusion of secure development and operation standards in standards within the organization was promoted. Inclusion in core business units and business departments was completed. Regular assessments of the secure development and operation status of systems and services for customers were conducted, along with improving problematic projects. |
| Degree of Completion | Achieved |
New Objectives for the Medium Term (From Fiscal 2014 to Fiscal 2016) and Fiscal 2014 Objectives
| New Medium-term Objectives | As a global company that provides ICT essential to the social infrastructure, NEC will contribute to society by protecting information assets entrusted to it by customers and suppliers and its own information assets, as well as by providing even more secure, reliable and trusted products and services, and information security solutions. |
|---|---|
| Fiscal 2014 Objectives 1 | Enhance and expand global information security infrastructure
|
| Fiscal 2014 Objectives 2 | Reinforce secure external environments using the latest IT
|
| Fiscal 2014 Objectives 3 | Promote and entrench secure development and operation
|
NEC has issued an Information Security Report, which presents the NEC Group’s measures in regard to information security. Please follow the link below for further details on information security activities
Privacy Protection Measures
Since establishing the NEC Privacy Policy in July 2000, NEC has been enhancing measures to protect personal information. In October 2005, NEC obtained Privacy Mark certification*. Ever since, we have worked to protect personal information using management systems that are fully compliant with the Japan Industrial Standards Management System for the Protection of Personal Information (JIS Q 15001) and with Japan's Personal Information Protection Law.
Privacy System
Because NEC's major business operations include the integration, operation, and maintenance of information systems, the company is involved in the handling and management of not only the personal information provided by individual customers, but also the personal information managed by corporations organizations and other such customers. For this reason, NEC has appointed a Personal Information Protection Manager with the highest level of overall responsibility and authority with respect to personal information Group-wide, with personal information protection measures led by the Personal Information Protection Office. This office works closely with related corporate divisions to promote and manage the activities of NEC and the NEC Group as a whole. Its staff consists primarily of members of the Customer Information Security Office in the Internal Control Division, under the leadership of the Personal Information Office Manager, who is appointed by the Personal Information Protection Manager.
Because NEC's major business operations include the integration, operation, and maintenance of information systems, the company is involved in the handling and management of not only the personal information provided by individual customers, but also the personal information managed by corporations organizations and other such customers. For this reason, NEC has appointed a Personal Information Protection Manager with the highest level of overall responsibility and authority with respect to personal information Group-wide, with personal information protection measures led by the Personal Information Protection Office. This office works closely with related corporate divisions to promote and manage the activities of NEC and the NEC Group as a whole. Its staff consists primarily of members of the Customer Information Security Office in the Internal Control Division, under the leadership of the Personal Information Office Manager, who is appointed by the Personal Information Protection Manager.
Operation of Privacy System
NEC has established and operates and manages the ledger-based "Personal Identifiable Information Control System" for visualizing personal information. This system has been introduced at Group companies with closely related operations, with the view to sharing information.
Furthermore, NEC has documented clear Company-wide management procedures for personal information, while promoting a privacy protection management system spanning NEC and the entire NEC Group. NEC has also instituted and rigorously enforces implementation of operational rules for specific business divisions and types of personal information, as necessary.
In regard to making privacy protection known to employees and other personnel across the NEC Group, and implementing privacy protection training, NEC plans and conducts mainly web-based programs to train all employees about privacy-related issues. All applicable employees complete web-based training on these issues every year. NEC also requests its contractors handling personal information in their operations to provide their employees with the same level of training.* In October 2005 NEC Corporation obtained certification of privacy procedures under the Privacy Mark validation scheme for private sector firms operated by the Japan Information Processing Development Corporation (JIPDEC). As of March 31, 2013, a total of 44 NEC Group companies in Japan had also obtained Privacy Mark validation. NEC applies a common security standard to all members of the NEC Group.
