Information Security

Our Commitment to Information Security

The Advantest Group recognizes information received from customers and clients, in addition to our company’s technology and sales information, to be valuable information resources. We are committed to proper management of information through the security measures of the Information Security Committee, which include establishing regulations, constructing control systems, and providing employee education.

Policies and Rules Related to Information Security

Advantest has established an Information Security Basic Policy. Rules are specified in five policies: our Privacy Policy, Confidential Information Management Policy, Education & Incident Management Policy, IT Security Policy, and Social Media Policy. Each policy will be reviewed by the Information Security Committee as necessary.

Organization of the Information Security Management System

Advantest recognizes information security management to be a critical business management issue, and has instated the General Manager of Administration as the Information Security Officer within a global system.

Furthermore, Regional Information Security Officers have been appointed in each country to deliberate, from various perspectives, on information security measures to be applied to the Group. They consider the establishment, revision, and abolition of rules and policies for security measures, thus realizing a system in which each company can actively implement information security measures.

Specifically, the General Manager of Administration in each company functions as the Regional Information Security Officer and is responsible for the management of information security in their assigned region; they appoint members from relevant departments in their countries to be the personnel in charge of implementation. Important reports from each country are forwarded to the Information Security Officer through the Information Security Committee.

System for Responding to Information Security Incidents

In FY2020, Advantest formed the Advantest CSIRT*1 to reinforce initial response systems for information security incidents. Furthermore, a SOC*2 security monitoring system that operates 24 hours a day, 365 days a year has also been incorporated to facilitate early detection and swift response to global cyberattacks.

An emergency call center (available 24 hours a day) has been established to receive incident reports from employees, thus realizing a system that can receive information at all times.

*1 CSIRT (Computer Security Incident Response Team)

*2 SOC (Security Operation Center)

Efforts to Protect Information

Information Security Training

Based on our belief that people are the last line of defense in information security, our Group is working to ensure that our information security policies and relevant regulations are thoroughly understood. Information security training, in which all employees participate, is based on the policies of "Personal Information Protection", "Confidential Information Management", "Training and Incident Response" and "IT Security" along with training that includes simulations of actual cyberattacks.

Furthermore, information on information security is published on the company website to keep employees informed in a timely manner.

We will continue to develop and implement more practical content, such as rules reinforcement and addressing important topics.

Training/Awareness Raising as Part of the Information Security Training

  • Information Security Training through e-learning for all employees: 1
  • Targeted email threat training: 1
  • Broadcast of information to raise awareness: 9

Initiatives for Strengthening Information Security

  • The Advantest Group has established a system in which our audit division conducts information security audits. This enables more objective checks to be carried out based on specified rules and provides a way for the divisions that have been audited to give feedback.
  • Since FY2019, we have been making efforts to further reinforce security by configuring multi-factor authentication in order to prevent identity theft.
  • Security risk assessments and vulnerability tests conducted by external organizations are carried out to objectively evaluate our information security measures, and the results enable us to narrow down the points that need improvement in order to raise our level of security.
  • As security measures, enhanced filtering functions and warnings on emails sent from outside the company have been added.
  • Efforts are underway to acquire ISO27001 certification to ensure continuous implementation of PDCA to reinforce our level of security. We are scheduled to acquire this certification in FY2021.

Confidential Information Protection

Our Information Security Basic Policy defines confidential information as information that has been disclosed by clients under contract along with information that is important to the company. Moreover, the policy stipulates that such information must be handled in accordance with relevant regulations.

Accordingly, we are committed to ensuring that confidential information is not divulged outside the company by ensuring that it is protected through the use of adequate controls governing its storage, disclosure and handling. In fiscal 2020, there were no incidents involving the unauthorized disclosure of important confidential information, etc.

Personal Information Protection

We consider the confidentiality of all personal information entrusted to us to be very important, and accordingly we take steps to ensure that such information is properly protected and managed.

Our commitment to safeguarding personal information entails posting personal information managers in divisions that handle such duties, and ensuring that those managers carry out their duties properly with regard to overseeing such information. Furthermore, we perform regular audits of personal information management and usage practices in each division, and make improvements whenever deficiencies are discovered.

In Group companies outside of Japan, Regional Information Security Officers work to protect and manage personal information in accordance with the laws, regulations, and demands of each respective country or region.

There were no major cases of personal information leaks in FY2020.