Information Security
Basic Policy
The use of information and IT is essential to corporate activities, and ensuring information security is one of the most important issues for any company that wants to effectively utilize all types of information in its possession. Konica Minolta treats information as a valuable asset, and is working to ensure information security. It does this by practicing proper information management to address risks such as loss, leakage, or destruction of data, while carrying out continuous improvements.
Promoting Information Security
Based on the leadership of the President and CEO as well as the officer responsible for IT planning who is appointed as the Chief IT Officer, Konica Minolta has established a Group-wide information security management system and is promoting a higher level of IT security and continuous improvements at Group companies worldwide.
In order to ensure the security (confidentiality, integrity, and availability) of controlled information, including not only data managed through IT systems but also information on paper and information about services and personnel, all Group companies in Japan have continuously maintained ISO/IEC 27001 certification, which is the international standard for information security management, since fiscal 2009. In addition, once a year risk assessments of information security are conducted and a risk response plan is formulated. Meetings of information security promoters, with a representative from each business in attendance, are held every quarter. At these meetings, progress on risk response plans and actions taken — particularly incident summaries — are reported to the Information Security Control Officer and instructions for necessary responses are issued. In this way, the PDCA cycle is followed.
Furthermore, measures to prevent unauthorized use and information leakage are implemented through the enactment and operation of rules relating to the management of confidential information and the establishment of systems for restricting and monitoring access to confidential information and its off-site removal. Also, education on the protection of personal information and information security is given at least once a year to all officers and employees, including non-regular employees, of Group companies in Japan.
Outside Japan as well, Group companies work to obtain ISO 27001 certification. Also, all Group companies outside Japan are required to provide all employees with education on information security at least once a year.
In response to increasingly sophisticated cyberattacks, Konica Minolta implements global IT security measures. With management recognizing the importance of cyber risk countermeasures based on the Cybersecurity Management Guidelines formulated by Japan's Ministry of Economy, Trade and Industry, the Company has established a Group-wide incident response system (KM-CSIRT*) and built a reporting and response process for incidents and vulnerability information.
In fiscal 2024, five incidents were reported to KM-CSIRT. These incidents were appropriately addressed by the established incident response system, resulting in no impact on business operations. Recurrence prevention measures were also implemented through IT security.
Concurrently, to ensure the continuity of IT services essential for business continuity, Konica Minolta has implemented IT Service Continuity Management (IT BCM) across its organizations. The company has also established guidelines for development of IT Service Continuity Plans (IT BCP) in each organization and conducts annual IT BCP assessments.
Finally, Konica Minolta is putting in place IT security controls, which are a part of the IT controls required under the Financial Instruments and Exchange Act (Japanese Sarbanes-Oxley Act), while ensuring compatibility within the Group.
* KM-CSIRT: Konica Minolta's Computer Security Incident Response Team
Protecting Personal Information
Konica Minolta takes full precautions to protect the personal information of customers.
Konica Minolta has established the Global Personal Data Protection Policy and regulations for protection of the personal data of the Konica Minolta Group, which address the EU’s General Data Protection Regulation (GDPR). In accordance with this policy and these rules, the Group has established a worldwide system for protecting personal information and properly manages the personal information in its possession. Employees are also kept up-to-date on the policy and rules through e-Learning and other methods of training.
Moreover, a third party conducts an audit in line with the screening items for ISO/IEC 27001, the international standard for information security management. This confirms that laws, regulations and other norms are observed in line with the policy.
In the event that information leakage, including leakage of personal information held by Konica Minolta, is confirmed or is likely to have occurred, the information security management system will report it to the Personal Information Protection Officer. The Officer will immediately check the facts and degree of impact and submit the report to the Personal Information Protection Commission in Japan and other appropriate authorities in the respective countries.
A minor leakage of personal information occurred within the Group in fiscal 2024. We have implemented appropriate response measures through our incident response system and tightened IT security to prevent recurrence.