Information Security
Basic Policy
Alps Alpine recognizes it has a social responsibility to rigorously manage customer and supplier information (including private information about individuals) as classified information together with its own information. As basic policies, we maintain that we will not inappropriately disclose information to parties outside the company; that we will not use information for non-business purposes; and that, except in special circumstances, we forbid information being taken outside the company. These basic policies are included in a set of information security management system (ISMS) standards that apply to all group companies in Japan and overseas and are made known to the entire workforce from officers to regular employees.
Identified Information Risks
Changes in our internal and external environments are potentially conducive to the falsification, destruction or leaking of information and information systems in the Company's possession. This gives rise to the following risks.
- Suspension of operations or production/shipment activities
- Payment of damages for the leaking of entrusted information
- Deterioration of competitiveness due to the leaking of new technology
- Damage to corporate image and loss of sales opportunities caused by a security incident
Implementation Structure
Alps Alpine has established an Information Management Committee that works to lower information security risks for the entire Alps Alpine Group and enable proper information management.
Implementation
Alps Alpine takes steps to enhance information security having established a set of ISMS standards in conformance with ISO 27001. To entrench and improve related policies and measures, the Information Management Committee annually conducts a management review, assesses risks and develops risk mitigation measures. Information security education, department information asset inventories and inventory status confirmation, and internal audits are carried out each year.
In response to the threat of cyberattacks, which have become notably more sophisticated in recent years, we undertake operational audits of information systems departments to check that the company’s information systems and security systems are operating properly with appropriate maintenance and handling of problems, and that frameworks are in place to prevent data falsification and maintain stable systems operation.
Additionally, a Computer Security Incident Response Team (CSIRT) has been formed. The team makes preparations to enable swift and appropriate action to minimize damage incurred in the event of an information security incident.
For more about our management of cybersecurity for automotive products, visit:
Certification
Besides accommodating legal changes made to reflect privacy concerns (Personal Information Protection Law revisions and the EU's General Data Protection Regulation), Alps Alpine has put in place cybersecurity management systems (CSMS) for application to automotive products, reflecting heightened awareness about product safety in the automotive industry.
We also subject sales, development and production bases involved in automotive business to examination for the Trusted Information Security Assessment Exchange (TISAX) based on the German Association of the Automotive Industry (VDA) Information Security Assessment (ISA).