Yaskawa has set forth the following policies regarding information handling in the Yaskawa Group Code of Conduct, and is continuously implementing various initiatives, including the establishment of systems and employee education, to respond to the growing information security risks.

Yaskawa Group Code of Conduct

4. Yaskawa Group respects intellectual property rights such as patent rights, copyrights and trademark rights by protecting its own rights and not infringing the rights of others.

5. Yaskawa Group’s policies and procedures protect not only its own information but also important information of other companies and personal information. Yaskawa Group also discourages and tolerate no insider trading.

6. Yaskawa Group complies with company information disclosure rules and strive to disclose correct information in a timely manner.

7. Yaskawa Group creates and stores information properly and records the grounds for making key business judgments and decision-making in the course of operations appropriately.

Information Security Initiatives

The Yaskawa Group is improving its IT infrastructure to improve management efficiency and support business growth in order to realize global digital management. In particular, we are working to strengthen information security from the perspective of minimizing the risk of business crises. In fact, based on the Regulations on Information Security Management, we are working to strengthen information security and provide education and enlightenment.

For the next mid-term business plan, we are working to establish a zero-trust security model, and as a risk hedge, we are working to strengthen risk management by centrally monitoring information security threat information, including that of the Yaskawa Group. In addition, as a measure to strengthen governance, we are working to improve and evolve each day with the goal of improving the level evaluation score for security measures.^*1

Information security audits systematically audit IT systems to maintain and improve security.

*1 Measure evaluation scores for each IPA compliant security index

Information Security System

The information security system is managed by the Information Security Committee under the Chief Information Security Officer (CISO), and promotion officers are assigned to each global location, business division and subsidiary to enhance information security system.

We are also strengthening our three-line defense system by incorporating an external Security Operation Center (SOC).

Status of Response to Data Breaches and Incidents

With the ongoing activities of the internal CSIRT organization, there have not been any serious data breaches or incidents that could affect company management. (As of February 2023) In addition, daily security measures are in place against ransomware and targeted attack e-mails preventing infection or business impact.

Training Employees on Risks and Responses Related to Data Security and Privacy

We have established the Company Information Management Rules to eliminate risks and conduct business activities safely when handling information assets, including personal information. These Regulations set forth a code of conduct for officers and employees (including subcontractors) concerning information security. Based on this, the Company has prepared a Company Information Management Manual, which defines the level of confidential information of data received from customers and internally processed data, and operates it according to business processes from creation, acquisition, and the definition of scope of disclosure to disposal.

We have also established the Information Systems Management Division and the SIRT Division under the CISO to strengthen security. The main measures taken against unauthorized access and cyber attacks include strengthening the security of file transactions with external parties (manager approval and automatic data encryption), internet isolation, internal system defense using security appliances, 24 hour monitoring using the Security Operations Center (SOC), and training for responding to targeted e-mail.

We have also established the Information Systems Management Division and the SIRT Division under the CISO to strengthen security. The main measures taken against unauthorized access and cyber attacks include strengthening the security of file transactions with external parties (manager approval and automatic data encryption), internet isolation, internal system defense using security appliances, 24 hour monitoring using the Security Operations Center (SOC), and training for responding to targeted e-mail.
We also conduct an information security e-learning program for the group employees in Japan once a year to raise awareness of information security among employees.

In addition, once a month, with the aim of improving information security awareness, internal reporting is made on the status of implementation of preventive measures against risks, occurrence of incidents, and response status.