Development of an Information Security Management System
Dentsu established the 'Dentsu Group Basic Policy for Information Security' and established a very strict information security management system to protect important data held by the Dentsu Group as well as personal and other information received from clients.
The Dentsu Head Office in Tokyo received BS 7799-Part 2:2002 certification for information management security, the predecessor of ISO/IEC 27001:2005, in March 2003. This was expanded to the entire Company when the Kansai and Chubu offices received the same certification in April 2005. In 2015, Dentsu went on to implement ISO/IEC27001:2013 and JIS Q 27001:2014, the international standards for information security management system (ISMS).
As of March 31, 2015, Dentsu Inc. and 50 Dentsu Group companies in Japan have this certification.
Dentsu strives to implement stringent information security management through such measures for the entire Dentsu Group to flexibly respond to the ever-changing and increasingly sophisticated environment of information and communication technology.
Dentsu Group Basic Policy for Information Security
All of the companies in the Dentsu Group will address information security management as a unified group. In all of our business areas, the Dentsu Group will address information security management in order to protect important information held by our group.
- 1. Compliance with Laws
- Based on requests from our stakeholders, including clients and other business partners, we will properly address information security management to ensure compliance with the relevant laws and regulations. In particular, personal information will be managed in a strict manner.
- 2. Strict Information Management
- We will manage information strictly to prevent any leakage, loss, damage or misuse of information such as confidential client information and personal information. We will share such business information only among employees and group companies with the appropriate clearances. In selecting our subcontractors, we will fully consider how they are addressing information security.
- 3. Maintaining & Improving Achievement Level
- We will maintain the current security level which we have already achieved and improve it through our PDCA cycle activities. We will also enlighten and educate all of our employees, from executives downward, about information security so that they can acquire the appropriate knowledge and judgment.
- 4. Adaptation to Environmental Changes
- We will flexibly adapt to the environmental changes in our group's business areas, information assets handled by our group, and the information and communication technology (ICT) field, and will update our information security management system and rules accordingly.