Information Security

With rapid digitalization, there is a demand for the utilization of digital data to strengthen competitiveness. Damage caused by cyberattacks is increasing year by year all over the world, and attack methods are becoming more sophisticated.
In such an environment, MITSUBA Group has established the “MITSUBA Group Basic Policy on Information Security” and is working to improve information security by implementing information security measures that consider the cybersecurity risks unique to the automotive industry.

MITSUBA Group Basic Policy on Information Security

MITSUBA Group believes that, in contributing to the creation of a prosperous automobile society through its management activities centered on the transportation equipment-related business (*1), protecting the information assets that it handles (information entrusted to us by customers, development information including intellectual property, etc.) from intentional or accidental threats is an extremely important responsibility.

MITSUBA Group aims to meet the expectations of society and become a trusted company by protecting information assets in order to “provide pleasure and peace of mind to the people of the world” as stated in our Mission Statement (*2), and establishes the MITSUBA Group Basic Policy on Information Security, with which we shall comply.

(*1) Transportation equipment-related business: Business centered on electrical components for automobiles, motorcycles, and other vehicles that apply such technologies.
(*2) MITSUBA Mission Statement: Together with those who support it, MITSUBA will provide pleasure and peace of mind to the people of the world by creating technology in harmony with society and the environment.

1. Scope

The following applies to information and personnel related to business activities.
- Applies to information assets handled by the MITSUBA Group and information assets entrusted to us by customers.
- Applies to MITSUBA Group executives, employees, and temporary employees.

2. Promotion organization and system

MITSUBA shall clarify the organization and responsible person for the promotion and operation of information security management and implement appropriate management of information assets.

3. Compliance with laws and norms

MITSUBA shall establish and comply with internal rules based on laws and various norms related to promoting information security and management.

4. Education and training

MITSUBA shall regularly conduct security education according to job duties and operations, raise awareness of the importance of information assets, and ensure that such assets are properly used.

5. Risk management measures

MITSUBA shall take appropriate human, physical, and technical measures against various risks caused by threats such as loss, destruction, falsification, leakage of confidential information, and unexpected service interruption.

6. Continuous improvement

MITSUBA shall continuously improve the basic policy and related internal rules.

Promotional System

MITSUBA Group manages and operates the information systems of the entire Group, including the security of MITSUBA and its domestic and overseas affiliates, under the supervision of the person in charge of information security (Information Systems Chief Executive Officer) in accordance with the “Rules for Managing Information Systems in MITSUBA Group”.

Initiatives to Strengthen Information Security

Initiatives for Certification Acquisition

As part of its efforts to strengthen information security, MITSUBA has obtained TISAX certification (*) for the MITSUBA Research and Development Center. The MITSUBA Group is also working to obtain TISAX certification with the aim of strengthening its information security system, after determining the business characteristics and needs of each company.

(*) A system to acquire certification based on the information security evaluation criteria established by the German Association of the Automotive Industry, after being audited by external auditing organizations.

Security Monitoring

MITSUBA has established and operates an SOC (Security Operation Center) to enable early detection and prompt response to cyber-attacks such as malware and unauthorized access.

The SOC conducts security monitoring 24 hours a day and 365 days a year, targeting information devices and networks across the entire Group, including domestic and overseas affiliates, and analyzes and responds when anomalies are detected. Moreover, the SOC investigates new information security risks by utilizing websites with computer security information such as the Information-technology Promotion Agency (IPA) and JPCERT/CC (*), as well as the Vulnerability Countermeasure Information Database (JVN). At the same time, the SOC works to improve the level of information security by reducing risks and introducing security tools as necessary.

(*) Abbreviation for Japan Computer Emergency Response Team Coordination Center (JPCERT Coordination Center)

Prevention of Information Leakage

MITSUBA implements multi-layered security measures such as anti-virus software, firewalls, and website filtering, and also provides education and conducts awareness activities in order to prevent information leakage due to malware such as ransomware or unauthorized access to internal networks and systems from outside.
Moreover, when using external cloud services, we conduct an evaluation using a check sheet before starting to use the service to ensure that it can be used safely.

Development of Guidelines

MITSUBA has established the “Group Information Infrastructure Utilization Guidelines” to prevent significant impacts on information assets (especially data), information networks, and information security, and to ensure the appropriate and smooth use of information infrastructure for personnel who handle information of the entire Group, including domestic and overseas affiliates.

Information Security Education

(Figure: Number of participants and participation rate of information security e-learning)

MITSUBA regularly conducts information security education through e-learning for personnel who handle information of the entire Group, including domestic and overseas affiliates. In addition to how to use information devices, the educational content includes the importance of information leak countermeasures, an introduction to and countermeasures for attack methods that have been increasing in recent years, and initial responses in the event of malware infection.

Through this education, employees learn initial response procedures in the event of a malware infection, and we are also working to raise awareness of information security.
MITSUBA also provides information security education for management. The educational content includes topics such as how to handle confidential information, and aims to strengthen understanding of the roles required of managers and their ability to respond accordingly.

Information Security Risk Assessment

MITSUBA conducts a self-evaluation using the check sheet of the “Automotive Industry Cybersecurity Guidelines”, which were jointly formulated by the Japan Automobile Manufacturers Association (JAMA) and the Japan Auto Parts Industries Association (JAPIA). Similarly, we also provide check sheets to our suppliers and ask them to complete the self-evaluation.

Moreover, we conduct regular information system audits of each department and domestic and overseas affiliates in accordance with regulations. During the audit, the audit office uses a check sheet to check the implementation status and takes corrective measures for any items that do not meet the standards.
Through these audits, the effectiveness of each company's security measures is confirmed, areas for improvement are clarified, and measures are shared, reducing the risk of information leaks and raising security awareness across the entire Group.

MITSUBA Group Information Security Audit Implementation Rate (FY 2024): 100%

Response to Emergencies

The MITSUBA Group has established an emergency contact network to enable prompt information sharing and response in the event of an incident and has created a system that allows for prompt communication and instruction between relevant parties.
Moreover, MITSUBA has established an Information Systems Business Continuity Plan (IT-BCP) and “Information Security Incident Management Regulations” based on plans and procedures to minimize the damage in the event of an emergency. In order to maintain and improve their feasibility, training on targeted attack e-mails and other activities are conducted according to the plan.
Furthermore, we have established a CSIRT (*) as an organizational structure that can respond appropriately and promptly in the event a security incident occurs.

In the event of an extremely serious information security incident, such as the suspension of production due to a cyberattack, the Disaster-response Headquarters has been established based on MITSUBA's “Business Continuity Plan (BCP) Regulations” so that management decisions can be made in the event of an emergency, as in the case of a natural disaster such as an earthquake.

(*) Abbreviation for Computer Security Incident Response Team (CSIRT). A general term for an organization that deals with security incidents such as malware infection or unauthorized access.