Governance

Information Security

We recognize that the risks of information leaks through internal fraud targeting the information retained by companies and the disruption of business activities due to cyber attacks are increasing as demonstrated by reports of information leak incidents by retiring employees, targeted e-mail attacks, and other cases in recent years.

In order for Murata to continue to sustainably grow and provide reassurance to all stakeholders, we believe that it is important to protect the information retained by the company including technical information, management information, and other company secrets as well as personal information handled by the company and information provided by clients, customers, and partners. Therefore, information security has been selected as one priority issue (materiality) for Murata.

In FY 2007, Murata established an information security subcommittee as a lower branch of the Risk Management Committee, which incorporates recent risk trends and related guidelines from Japan and overseas based on international standards (ISO27001) to implement information security management. Specifically, the subcommittee enacts Information security basic policy, Information security management regulations, Privacy policy, and other rules to develop and operate information security measures in terms of human, technical, and physical aspects while periodically convening meetings of the information security subcommittee to examine new and persistent risks, propose measures, and implement them. In addition, the subcommittee also strives to increase the adoption and improvement of such measures through internal and external audits and diagnostics.

Human aspects

Information security related rules are described in Employee handbook and the pledge with employees. In addition, the "Information Security Guidebook," which explains the rules in an easy-to-understand manner, is written and distributed in Japanese, English, and Chinese so that all officers and employees in Japan and overseas can understand information security and handle information in the proper way.

Moreover, the company also implements annual training, phishing e-mail exercises, new employee and in-house training by level, and other forms of education targeting all employees to increase their awareness of information security. Because the recommendation to institute telecommuting during FY 2020 as a measure to combat the novel coronavirus infection created a significant change in the working environment, education concerning information security during telecommuting was provided.

Technological aspects

In order to deter leaks of Murata's trade secrets and personal information as well as interruptions of business activities due to cyber attacks, we are strengthening anti-malware measures, hardware asset management, firewall construction, internet communication checks, ID management, system access controls, diagnosis and countermeasures for vulnerabilities in current information systems, and the monitoring of IT devices and communications.

Moreover, we are globally collecting and monitoring various logs to construct a system for responding to incidents which may become a security accident. In particular, we are strengthening security at manufacturing plants which form the basis of business activities and promoting responses and countermeasures to cyber attacks and risks changing on a daily basis from the IT technology side to maintain a stable and safe manufacturing system.

Physical aspects

To prevent unauthorized intrusions into premises at offices, sites and affiliated companies in Japan and overseas, access control of people and vehicles is carried out at all times. Security zones are established within business sites according to the level of security control, and various measures including access controls using ID cards, etc. are implemented in highly secure zones to prevent unauthorized internal and external intrusions. Moreover, in order to continuously improve the physical security level, we periodically diagnose and audit the operating conditions from the perspectives of early detection and evidence accumulation measures in addition to restricting people's movements and preventive measures, and we are promoting the construction of a system to horizontally deploy responses to accidents and incidents which may become accidents with other offices, sites and affiliated companies.