Throughout the entire Hitachi Group, including companies in business reorganizations and companies integrated as a result of M&As, we are working to ensure compliance and business continuity for internal IT.
To respond to the risk of information leaks and increasing cyberattacks, as well as to ensure proper use of software, we are continuing our efforts to strengthen our IT controls.
Throughout the entire Hitachi Group, including companies resulting from business reorganizations and companies that have been integrated as a result of M&As, we are working to ensure information security, IT compliance, and business continuity for internal IT, and are encouraging the standardization and sharing of IT.
We are engaged in a thorough application of IT controls, by establishing IT rules and standards as well as by performing self-diagnostics and internal audits.
To reduce company-internal IT risks, we request that BUs and Hitachi Group companies comply with IT rules that stipulate essential requirements for IT controls. These rules focus on information security, IT compliance, and business continuity. To promote compliance, we created self-inspection checklists to verify the status of compliance with IT rules and guidelines, and introduced a system that requires BUs and Hitachi Group companies to periodically self-inspect their own IT and to take corrective action. Furthermore, if company-internal audits conducted by the auditing department detect any deficiencies, the BU or Hitachi Group companies is required to make corrections, thereby ensuring thorough IT controls.
The self-inspection system is not limited to Hitachi Group companies in Japan, it also applies to Hitachi Group companies outside Japan. To ensure that the system is thoroughly implemented at BUs and Hitachi Group companies, we clearly defined in advance the target companies for each business group and specified that the business group is responsible for ensuring their subsidiary companies conduct self-inspections. As a result, the self-inspection implementation rate has remained above 90% since FY 2020. Aiming at an implementation rate of 100%, we are continually enhancing our efforts through cooperation with business group leaders.
Also, Hitachi provides BUs and Hitachi Group companies with services (such as authentication and antivirus measures) that are necessary for compliance with IT rules and guidelines. In response to the increase in cyberattacks in recent years, we clarified guidelines on measures against software vulnerabilities that pose particularly high risks, and are providing services that support BUs and Hitachi Group companies in implementing the measures. We are also using these services to help BUs and Hitachi Group companies that find it difficult to take adequate measures on their own to improve their response capabilities.
As business integration through M&A and other events increase, we are strengthening measures to reduce IT risks at an early stage for related BUs and Hitachi Group companies. Particularly, from the above-mentioned self-inspection checklist, we selected and set priority items (such as vulnerability measures) that acquired companies must comply with. We request the parent company of the business group that conducts M&A to ensure that the self-inspection of priority items is performed by the acquired company and, that if any deficiencies are found, corrections are made by a specified deadline.
