Information Security

Approach to Risk Management

As the data-driven society advances and the importance of information security increases, Tokyo Electron aims to achieve both data utilization and information security by promoting digital transformation and other measures, and actively promote measures that protect the entire supply chain from the risk of cyberattacks that target companies.

Main Activities

Information Security Systems

The Vice President and General Manager, Information Security, run the Security Committee and implement measures on a global scale. We hold the TEL Group Information Security Committees twice a year, and Information Security Committees at each company more than twice a year.

Security at Manufacturing Sites

We implement security measures at each manufacturing site to ensure that the manufacturing systems that support our business activities are operating safely and stably while maintaining QCD*.

* QCD: Quality, Cost, Delivery

Information Security Management

We established global information security rules, and conduct security education twice a year and phishing email training every month for all executives and employees. We hold seminars twice a year to share the latest situation to all Group members. In addition, we implement risk assessments and internal audits for each department of the entire Company to identify risks and strengthen technological, human, organizational and physical security measures.

Supply Chain Security

We respond to customer requests for security and monitor the security status of our suppliers to ensure that confidential information and information on our customers and suppliers that is shared in the course of business activities can be used safely without a loss of convenience.

Responses to Security Threats

We have proactively introduced advanced technology and established a dedicated security organization to build a robust monitoring system in order to respond to security threats such as cyberattacks and information leaks.

Increasing Resilience

We operate a system that can detect the occurrence of security incidents. We confirm pre-determined procedures so that we can do the right actions for a swift response and recovery by implementing incident response training. We also implement a penetration test* once a year to verify system vulnerabilities.

* Penetration test: A test method for verifying vulnerabilities in
 networks, PCs, servers and systems.

Overview of Information Security

Overview of Information Security