Information Security Basic Policy
The Hitachi Automobile Transportation Group (hereinafter referred to as "the Group") protects the Group's information assets from threats such as accidents, disasters and crimes, and in order to respond to the trust of customers and society, we will work on information security throughout the company based on the following policies. .
1. Responsibilities of Management
The Group will systematically and continuously strive to improve and enhance information security under the initiative of management.
2. Improvement of internal system
Our group establishes an organization to maintain and improve information security, and establishes information security measures as formal internal rules.
3. Employee Efforts
Our group's employees will acquire the knowledge and skills required for information security, and ensure that our efforts toward information security are solid.
4. Compliance with legal and contractual requirements
The Group complies with laws, regulations, norms, and contractual obligations related to information security, and meets customer expectations.
5. Responding to Violations and Accidents
The Group will take appropriate measures in the event of legal violations, contract violations, and accidents related to information security, and strive to prevent recurrence.
"SECURITY ACTION"
What is
"SECURITY ACTION" is a system in which small and medium-sized enterprises can "self-declare" their commitment to information security measures.
This is a system established by IPA to promote activities that encourage small and medium-sized enterprises to take voluntary information security measures and realize a safe and secure IT society.
"SECURITY ACTION" is not a system in which IPA certifies or provides certification of the status of information security measures, etc.
"SECURITY ACTION"
Two-star initiatives
A two-star rating for "SECURITY ACTION" requires the following efforts.
-
Understand your company's situation with "In-house information security diagnosis that can be done in 5 minutes"
-
"Basic Information Security Policy"and declare that it has been made public.