Information Security Management Systems
Message from Group Chief Information Security Officer (GCISO)
The SoftBank Group addresses information security on a company basis in a variety of business segments, based on the SoftBank Group Charter and the SoftBank Group IT Governance Rules. The Group Information Security Committee meets regularly, sharing examples and issues at individual companies and laying the foundation for mutual cooperation in our activities.
Initially, information security addressed the safekeeping of customer data, and now measures are in place not only for the appropriate handling of information received from all stakeholders, but also to improve the effort without compromising its convenience.
Companies have been working in recent years to establish risk management covering areas including internal controls, CSR and compliance, and we at the SoftBank Group are utilizing the experience we have gained through our information security activities to date, while at the same time working in cooperation with each segment to further refine the organization. We will continue to engage in information security activities going forward as a Group, to gain the further confidence of all stakeholders.
Group Chief Information Security Officer (GCISO)
SoftBank Group Information Security Committee
The SoftBank Group clearly designates the post responsible for information security across the entire Group through the position of Group Chief Information Security Officer (GCISO). The Group Information Security Committee (G-ISC), chaired by the GCISO, is tasked with accurately understanding the status of information security at each Group company and being able to quickly implement security-related measures when necessary.
The G-ISC meets regularly to aggressively promote information security measures and activities across the entire Group in several ways — organizationally, physically, technically, and in terms of personal matters.
Role of Group Information Security Committee
- Share pertinent examples & issues on information security measures
- Monitor the status of each Group company's information security measures
- Establish and review policy on information security measures
- Familiarize and educate personnel on information security measures
- Execute relevant resolutions
SoftBank Group IT Governance Rules
The SoftBank Group IT Governance Rules is designed to ensure that all Group companies have a common understanding of appropriate measures for information security. These guidelines clearly set forth a policy for handling personal data and information assets in general, and help ensure that the entire Group is able to enforce rigorous protection against information leakage. The content is regularly reviewed to keep pace with technical innovation and changes to the business environment.
Employee training on information security
The SoftBank Group provides officers and employees with regular and ongoing education and training on personal information protection, to support a high standard of knowledge and ethical awareness.
Training is based on a dedicated handbook that contains details of information security policy and practice, and other programs, including e-learning and training sessions, are held as appropriate for the size and training background of the individual Group company concerned. Persons in charge of information security are able to pursue publicly recognized qualifications and attend meetings to learn from experts in related areas, and are encouraged to increase their knowledge and awareness through other such avenues. As a matter of principle, all persons employed in Group operations, rather than only regular employees, receive this training in order to ensure a high level of information security throughout the entire Group.