Please note that JavaScript and style sheet are used in this website,
Due to unadaptability of the style sheet with the browser used in your computer, pages may not look as original.
Even in such a case, however, the contents can be used safely.

Information Security

Main Activities and Results (Fiscal 2013)

NEC attained an even higher level of information security management by drastically reducing the number of information security incidents through continuous, stringent enforcement of security measures centered on information leaks. Another measure was putting in place global security infrastructure and a secure environment utilizing cutting-edge IT. For customers, NEC has improved the quality of security with respect to products, services and systems through the promotion of secure development and operation.

Principal Activities for Internal Security

  • Maintained and improved recognition and awareness of information security
    NEC sought to improve recognition and awareness of information security through activities including held holding web-based information security training for NEC Group officers and employees in Japan and domestic partners of NEC Group companies who have access to NEC’s intranet. NEC also implemented an electronic pledge system for the “Basic Rules for Customer Related Work and Trade Secret.” Another measure was to stream the video content of an awareness-raising DVD (access count of 32,000).

  • Instituted a global service authentication platform
    In fiscal 2013, NEC continued efforts to operate and entrench an authentication platform for managing the ID data of all overseas subsidiaries linked to the NEC intranet (70 companies and approximately 15,000 employees as of March 2013). These efforts are aimed at achieving access control based on ID data at the global level.

  • Establish a platform for global computer security measures
    NEC has a management platform that enables the visualization of the status of information security measures for PCs (including application of security patches malware countermeasures and PC encryption, etc.) at overseas subsidiaries. In fiscal 2013, NEC used this platform to achieve visualization of the status of information security measures for PCs in Hong Kong, Taiwan and the Asia-Pacific. (NEC completed the implementation of the platform in North America and China in fiscal 2012.) NEC has also established device control functions (USB memory, etc.). In fiscal 2014, NEC will progressively expand these functions to Latin America and EMEA (Europe, Middle East and Africa). Additionally, NEC has begun exploring network quarantine functions.

  • Develop external secure environments utilizing the latest IT
    Furthermore, NEC began internally providing “trusted PCs” with enhanced security features compared with conventional PCs removable from business premises,. These “trusted PCs” include functions to remotely disable the use of PCs, delete specific data, and counter unknown vulnerabilities, as well as encryption. The goal is both to reduce the risks associated with theft, loss and cyber-attacks, etc., and increase the convenience of work performed outside the company.

Principal Activities for Suppliers

  • Reinforce information security at suppliers
    NEC conducted activities including providing continuous training related to confidential information management (for approx. 2,200 companies), revising guidelines for achieving information security requirements and standards providing an awareness-raising video tightening enforcement of the “Basic Rules for Customer Related Work” at suppliers (including training of in-house instructors, and enforcement of compliance through submission of pledges), and encouraging caution and sharing information in a timely manner through regular streaming of security newsletters.

  • Strengthening information security measures for offshore outsourcing
    NEC considered the feasibility of expanding the same information security measures requested of suppliers in China (“Basic Rules for Customer Related Work,” confidential information management, pledges, subcontracting management, etc.) to suppliers in China India. Based on these considerations, NEC established a policy for expanding measures to Indian suppliers. In fiscal 2014, NEC plans to expand these measures locally in India.

Initiatives Concerning Solutions for Customers

  • Rigorously promote secure development and operation in fields with a high frequency of incidents
    NEC has rigorously promoted secure development and operation in business fields with a high frequency of information security incidents due to design errors and system malfunctions. As a result, NEC reduced incidents in those business fields to zero.

  • Establish secure development and operation environments
    NEC has worked to make the Secure Development and Operation Implementation Standards known throughout the Group. These standards define the scope of secure development and operation and establish security measures, along with requiring developers and operators of the applicable products, systems and services to comply with these measures. NEC also increased the scope of projects subject to these standards.
    Furthermore, NEC promoted visualization of the status of security measures for products, systems and services, and worked to improve problematic projects by rigorously enforcing the use of the Secure Development and Operation Assessment System for each project being developed or operated. (Number of inspected projects: about 2,000).

  • Train personnel specializing in secure development and operation
    Continuing on from the previous fiscal year, in fiscal 2013, NEC provided training on secure development to Secure Development and Operation Promotion Managers and developers in divisions that develop and operate products, systems and services. NEC strove to promote and institute mastery of expertise needed to implement secure development across the company as a whole. (Total number of fiscal 2013 training participants: 1,000).

Monitoring and Improvement

  • Information security assessment activities
    The NEC Group verifies the implementation of information security measures at each Group company through Group-wide information security assessment activities. The Group has continuously formulated and executed improvement plans every year if there are any measures that are improperly implemented. In fiscal 2013, we conducted information security assessments of 98 Group companies in Japan. In addition, we conducted assessments of individual roles (individual assessment), where general employees and the manager responsible for each information security measure verify the implementation status of each measure. Through this format, we endeavored to achieve more effective improvements by accurately gauging actual worksite conditions. In fiscal 2013, we conducted these individual assessments at 49 companies (around 75,000 people),. In fiscal 2013, we also expanded assessments conducted by individual employees (individual assessment) to 83 overseas subsidiaries, in an effort to monitor the status of security measures at overseas subsidiaries in detail, while raising awareness and recognition. At overseas subsidiaries where we have yet to implement individual assessments, we continued to perform assessments centered on organizational assessments, where the information security management promotion managers of each organization verify the entire organization’s status. By providing specific feedback to each overseas subsidiary, we worked to make detailed improvements.

  • Assessment of suppliers
    Based on the NEC Group Information Security Standards for Suppliers and the Basic Rules for Customer Related Work and other guidelines, we conducted assessments and evaluations of the implementation status of information security measures by suppliers (on-site assessments: approx. 150 companies; written assessments: approx. 2,200 companies). We provided suppliers with feedback in the form of the assessment and evaluation results, and thoroughly implemented improvements.