Information Security

Basic Policy

As the digitalization of business continues, we position IT and information security, as it pertains to risk management, as a focal theme in the running of our business given its impact on many domains. The Alps Alpine Group has set up an Information Management Committee that establishes ISO/IEC 27001-compliant regulations relating to information management, deploys information security enhancement measures and implements related employee training, while liaising with information officers in individual departments to ensure safe global information management.

Information Security Basic PolicyOpen PDF file in New Window

Identified Information Risks

Changes in our internal and external environments are potentially conducive to the falsification, destruction or leaking of information and information systems in the Company's possession. Alps Alpine identifies the following information risks.

  • Suspension of operations or production/shipment activities
  • Payment of damages for the leaking of entrusted information
  • Deterioration of competitiveness due to the leaking of new technology
  • Damage to corporate image and loss of sales opportunities caused by a security incident

Implementation Structure

Alps Alpine has established an Information Management Committee that works to lower information security risks for the entire Alps Alpine Group and enable proper information management.

Implementation Structure

Implementation

To ascertain the level of entrenchment of information management policy and measures, and to make improvements, we conduct information management audits of each department on an annual basis to confirm the status of information management, as well as actual implementation of education and issues. In response to changes in the business environment – including the growing threat of cyberattacks, which have become notably more sophisticated in recent years, increasing use of cloud systems, and adoption of new working styles, such as working from home – we are working to optimize information and security system operation, maintenance and failure response through operational audits of information system departments. In this way, we are putting in place frameworks for preventing data falsification and leaks and maintaining stable systems operation.
We have also formed a Computer Security Incident Response Team (CSIRT) to enable swift and appropriate action to minimize damage incurred in the event of an information security incident.

For more about cybersecurity for automotive products, visit:

Product Quality and Safety

For more about privacy protection, visit:

Privacy Policy

Certification

Trusted Information Security Assessment Exchange (TISAX) certification, based on the German Association of the Automotive Industry Information Security Assessment (VDA-ISA), has been acquired for sales, development and production bases involved in the automotive business. Efforts to keep the certification up to date are ongoing.

TISAX Certification