We shall acquire and safely protect confidential business information and personal information, from either Shimadzu or other companies, in accordance with appropriate rules.
(1) Building and Implementing Information Security Systems
Shimadzu shall establish an information security committee. The committee shall share the content and purpose of measures and promote their implementation.
(2) Acquiring Information in an Open and Fair Manner
We shall not acquire confidential or personal information using unethical means.
(3) Acquiring, Using, Managing, and Disposing of Information Appropriately
We shall acquire, use, manage, and dispose of information or data about business processes and technology received form customers, suppliers, or job applicants, and internal information or data about Shimadzu business processes or technology, appropriately in accordance with all applicable laws, regulations, contracts, and internal company rules.
(4) Defending Against Cyber-Attacks
We shall implement technical, physical, and human measures to increase our defenses against cyber-attacks.
Improving Information Security Within the Shimadzu Group
The Shimadzu Group shall obtain personal information and confidential business information related to Shimadzu and other companies based on appropriate rules. We will improve information security to ensure important information obtained from customers and suppliers is managed appropriately and not used for fraudulent or wrongful purposes.
To ensure continuous improvement of information security, the entire Shimadzu Group must cooperate and each and every relevant person must be mindful of managing and using such information appropriately.
We have conducted Information Security Committee meetings twice a year, chaired by the director in charge of information systems, and established systems for deploying committee decisions throughout Shimadzu Corporation and Group companies. At the meetings, the committee creates relevant regulations that incorporate the direction and contents of the measures discussed and the human, organizational, and technical countermeasures. It also decides the introduction of new information management methods and tools.
The committee is also involved in highlighting the importance of information security and conducting ongoing training activities, such as by distributing the Information Security Guidebook (a summary of information security rules), offering information security training via e-learning, and offering email training for understanding the threat of suspicious or fraudulent emails and learning how to deal with them.