Governance

Information Security Initiatives

Based on international standards (ISO 27001), Murata implements information security management that incorporates recent risk trends and related guidelines from Japan and overseas. Specifically, Information Security Basic Policy, Information Security Management Regulations, Privacy Policy and other rules are enacted to develop and operate information security measures in terms of human, technical, and physical aspects. The information security subcommittee periodically meets to examine new and persistent risks, and to propose and implement measures.
Topics discussed by the Information Security Subcommittee are supervised by the Board of Directors through the Risk Management Committee.

Human aspects

Information security-related rules are described in the work rules and the pledge with our employees. In addition, the “Information Security Guidebook,” which explains the rules in an easy-to-understand manner, is written and distributed in Japanese, English, and Chinese so that all officers and employees in Japan and overseas can understand information security and handle information in the proper way.

Murata also implements annual training for all employees to increase their awareness of information security, phishing email drills, in-house training by employee level (new employees, etc.), and information security training for telecommuting employees.
(Fiscal 2024 Global training ratio* = 100% [*Training ratio = (Number of sites that have conducted training) / (Total number of sites)])

Technological aspects

In order to deter leaks of Murata’s confidential information and personal information as well as interruptions of business activities due to cyber attacks, we continue to strengthen anti-malware measures, hardware asset management, firewall construction, Internet communication checks, ID management, system access controls, and vulnerability diagnosis and countermeasures by external professionals.

Moreover, we are globally collecting and monitoring various logs to construct a system for responding to incidents which may become a security accident. In particular, we continue to strengthen security at the plant sites that form the basis of our business activities. We promote responses and countermeasures to constantly changing cyber attacks and risks, which include regular testing and drills for incident response, in order to maintain a stable and safe production system.

Physical aspects

To prevent unauthorized intrusions at property boundaries at offices and affiliated companies in Japan and overseas, access control of people and vehicles is carried out at all times. Security zones are established within business sites according to the level of security control, and various measures including access controls using ID cards, etc. are implemented in highly secure zones to prevent unauthorized internal and external intrusions. Moreover, in order to continuously improve the physical security level, we periodically diagnose and audit the operating conditions from the perspectives of early detection and evidence accumulation measures in addition to restricting people's movements and preventive measures, and we are promoting the construction of a system to horizontally deploy responses to accidents and incidents which may become accidents with other offices, sites and affiliated companies.