Approach to Risk Management
As the data-driven society advances and the importance of information security increases, Tokyo Electron aims to achieve both data utilization and information security by promoting digital transformation and other measures, and actively promote measures that protect the entire supply chain from the risk of cyberattacks that target companies.
Information Security Systems
The Vice President and General Manager, Information Security, run the Security Committee and implement measures on a global scale. We hold the TEL Group Information Security Committees twice a year, and Information Security Committees at each company more than twice a year.
Security at Manufacturing Sites
We implement security measures at each manufacturing site to ensure that the manufacturing systems that support our business activities are operating safely and stably while maintaining QCD*.
* QCD: Quality, Cost, Delivery
Information Security Management
We established global information security rules, and conduct security education twice a year and phishing email training every month for all executives and employees. We hold seminars twice a year to share the latest situation to all Group members. In addition, we implement risk assessments and internal audits for each department of the entire Company to identify risks and strengthen technological, human, organizational and physical security measures.
Supply Chain Security
We respond to customer requests for security and monitor the security status of our suppliers to ensure that confidential information and information on our customers and suppliers that is shared in the course of business activities can be used safely without a loss of convenience.
Responses to Security Threats
We have proactively introduced advanced technology and established a dedicated security organization to build a robust monitoring system in order to respond to security threats such as cyberattacks and information leaks.
We operate a system that can detect the occurrence of security incidents. We confirm pre-determined procedures so that we can do the right actions for a swift response and recovery by implementing incident response training. We also implement a penetration test* once a year to verify system vulnerabilities.
* Penetration test: A test method for verifying vulnerabilities in
networks, PCs, servers and systems.
Overview of Information Security