Information security
Each and every employee conducts our activities according to Sanden’s IT security basic policy to gain customer trust and confidence.
Policy and System
IT security basic policy was issued in the Sanden Group in 2001. Each and every employee acts according to the IT security basic policy to earn customer trust and confidence.
Company System
Based on the reorganization from a holding company to an operating company in January 2022, Sanden is
implementing policy and control for the entire Group.
In response to the recent increase in cyberattacks, Sanden conducts security countermeasure risk
assessments at Sanden Corporation, our business companies, and overseas companies as a preventative
measure against computer viruses, information leakage, and junk mail, and strive together with Group
companies to enhance risk countermeasures.
To address cybersecurity risks surrounding the automotive industry today, it is indispensable to comply
with the security guidelines established by the Japan Automobile Manufacturers Association, Inc. (JAMA)
and the Japan Auto Parts Industries Association (JAPIA).
To this end, we are making Group-wide efforts to build a security promotion system and strengthen security
measures.
We are now working to gain Trusted Information Security Assessment Exchange (TISAX) certification,
established by the German Association of the Automotive Industry, in fiscal 2024.
Thoroughness of IT Security Education
To reduce the risk of information leakage, increase the awareness of information security, and provide
education on and ensure rule compliance, the Sanden Group holds regular training sessions at Group
companies, including all overseas companies. Especially for new employees, group training is provided not
only about IT security related items for special attention but also regarding the usage of IT in the
Sanden Group and basic approach to security with the aim of deepening their understanding of these
matters.
Please note that as part of activities to increase security awareness, employees who have been educated
about security, are obliged to sign a pledge to abide by security regulations.
Results in FY2023
Continuing from fiscal 2022, we have seen a series of cases of unauthorized access due to targeted
attacks. Business email fraud has also increased, causing financial damages around the world.
Although at the Sanden Group, there had been no report of damage from such attacks, we provided IT
security education and training against targeted email attacks to all IT users both in Japan and overseas
to raise their security awareness.
Sanden will continue to strive to reduce the risk of information leaks and raise company-wide awareness of
information security in line with trends in the world and the trending IT-related laws and regulations.
Strengthening of Information Leakage Countermeasures
The leakage of the important information about customers is an important business issue which leads to
losing corporate trust, so we are working on the following measures.
Results in FY2023
With cyberattacks becoming more sophisticated and diverse, a large number of cyberattack
incidents—including ransomware attacks and unauthorized access—have been reported worldwide. In response,
we strengthened measures against attacks that exploits vulnerabilities in computer systems and software,
one of major causes of unauthorized access.
These measures have enabled us to take prompt action against known vulnerabilities and further reinforce
our defense against sophisticated threats to prevent information leakage.
There were no information security incidents, such as complaints about infringement of customer privacy
(complaints received from outside parties, approved by the organization or by regulators) and the leakage,
theft or loss of customer data.
Global Communications Environmental Enrichment
To strengthen security in the Group’s global communications environment and enhance its operational
efficiency, we are working on the reinforcement of our information system infrastructure by using an
optimal cloud environment.
Results in
FY2023
As a continuing activity from fiscal 2022, we have been working on promoting the utilization of
cloud-based communication environments. In addition to strengthening information security, we have been
creating environments that make it easy to share schedules/documents and hold online meetings Group-wide
on various devices.
Implementation of IT Assessment
The Sanden Group conducts IT surveys each year on a global basis to ascertain and raise the level of IT
risk management.
Results in FY2023
We are helping Group companies identify problems and rapidly solve them by continuously revising
assessment items based on recent trends, incidents, and accidents.
In fiscal 2023, there were no serious security risks in the Sanden Group’s systems. Even so, we are
striving together with Group companies to enhance our risk countermeasures according to the priorities we
have set.
Execution of IT System Audits
To improve the level of IT security, it is important to autonomously implement the PDCA cycle. With this
in mind, an IT internal control and internal and external audits are completed each year in order to grasp
the level of IT security and to improve weak points.
Results in FY2023
Sanden conducted internal and external audits on important systems related to financial reporting. No
deficiencies that might lead to major issues were cited in the audit reports.
We will continue to standardize our auditing processes and strive to create and maintain an optimal IT
environment by strengthening our pre-audit systems.
In addition,the IT Division of Sanden Corporation obtained the certification to ISO 27001, which is the
international standard for information security last year. We are now making company-wide efforts to
enhance security by building the system to promote information security.