Development of a Management System
The Company set up the Dentsu Group Basic Policy for Information Security and a very strict information security management system to protect the Group’s important data, as well as personal and other information received from clients. The Company has compiled information management rules and related regulations. Company officers and employees are made aware of these and are expected to comply. In addition, the Company provides training for new employees and briefings for employees in general, while also distributing videos and pamphlets to raise awareness. Given the importance of managers in information management, the Company has also started a new manager training course to educate managers about their roles and responsibilities. Further, to enhance information security, Dentsu obtained ISO/IEC 27001:2005 and JISQ 27001:2006 certification. These are international standards for information security management systems.
As of July 2019, all 51 Dentsu Group companies have acquired integrated collective certification under these standards through Dentsu Group Company Information Security (DGCIS) activities. The DGCIS Supervision Office is located within the Dentsu Legal Division. It creates information security systems for each company, promotes Group-wide information security, and conducts comprehensive supervision.
Dentsu strives to implement stringent information security management for the entire Group, and to flexibly respond to the ever-changing and increasingly sophisticated information and communication technology environment.
Information Security Management System
Dentsu Group Information Security Basic Policy
Group member companies address information security in all business areas, by putting in place policies and procedures to systematically manage sensitive data. They recognize the role of information security management in protecting important information.
Compliance with Laws
Based on requests from our stakeholders, including clients and business partners, we properly address information security management to ensure compliance with relevant laws and regulations. In particular, personal information is strictly managed.
Strict Information Management
We will strictly manage information to prevent any leakage, loss, damage or misuse of information, such as confidential client information and personal information. We share such business information only among employees and Group companies with appropriate clearances. In selecting our subcontractors, we take into consideration how they are addressing information security.
Maintaining and Improving Achievement Levels
We intend to maintain our current security level and improve it through our PDCA cycle activities. We educate all of our employees, from executives down, regarding information security, so that they can acquire the appropriate knowledge and develop the necessary judgment.
Adaptation to Environmental Change
We will continue to update our information security management system and concomitant rules even as we take a flexible approach to environmental changes in our Group’s business areas, the information assets handled by our Group, and developments in the area of information and communication technology (ICT).