TOKYO ELECTRON LIMITED

Information Security

Approach to Information Security

An environment where data can be used safely and securely is crucial for the continuous and steady development of the operations of the Company. For this reason, we view the assurance of information security as an important managerial issue, and continuously reinforce the protection of information about our customers and suppliers as well as confidential information on leading-edge technology. In addition, we strive to strengthen information security to ensure the stable operation of the entire supply chain.

TEL Group Information Security Policy


July 1, 2020 Established
June 1, 2026 Revised

  1. Introduction
      As society becomes increasingly reliant on information, information security risks continue to grow. Organizations are therefore required to effectively manage, protect, and utilize information. The TEL Group recognizes that ensuring the confidentiality and integrity of information, as well as the availability of systems that support its business operations, is essential. We are committed to identifying and assessing risks and ensuring information security.
      This policy sets forth the fundamental principles of information security that guide the TEL Group’s business activities.



  2.   
  3. TEL Group Information Security Goals

      Maintain the confidentiality, integrity, and availability of all information assets necessary for business, including the environments in which they are processed (collectively, “information assets”), to enhance the corporate value of the TEL Group.

      Implement the following measures to achieve this:

      • Protect and properly manage confidential information to prevent data leakage and enhance customer satisfaction

      • Prevent unauthorized alteration of information assets and ensure that business is conducted based on accurate information

      • Strengthen resilience against incidents to ensure business continuity

      • Comply with applicable laws, social norms, and the ethical standards, and fulfill the social responsibilities

      • Achieve both digital transformation (DX) and security in a balanced manner



  4. Primary Objectives

    • Appoint a Chairperson of the Information Security Committee to oversee information security across the TEL Group, establish a globally unified information security strategy, and ensure the implementation of necessary measures throughout the TEL Group

    • Establish common information security rules in compliance with applicable laws and international standards, provide training to raise awareness and ensure adherence to these rules, and maintain appropriate information management across the TEL Group

    • Continuously monitor and detect security threats, and continuously improve information security through the PDCA (Plan-Do-Check-Act) cycle

    • Ensure information security across the entire supply chain

    • Establish a unified incident response process across the TEL Group, and enhance response capabilities through continuous training





  • *Confidentiality: Information assets can only be accessed by authorized persons.

    *Integrity: Information assets are maintained in an accurate state without unauthorized alteration or error.

    *Availability: Information assets are available to authorized personnel whenever needed.

Main Activities

 


              
 
Information Security Systems Responding to Security Threats Information Security Management
Information security strategies for the entire Group are developed at the TEL Group Information Security Committee, chaired by our executive officer.
In addition, we are building a Group-wide system dealing with security measures based on the shared understanding and collaboration with the Information Security Committees of each company.
Specialized security engineers monitor threats, such as cyberattacks or internal fraud 24 hours a day, 365 days a year. We have a rapid response system where information is shared swiftly among relevant divisions in the event of an incident. To protect information assets from various threats, we have established global security policies and are gradually progressing toward ISO/IEC 27001*¹ certification while striving for continuous improvements based on PDCA cycles.
In addition, we are working on improving security awareness and literacy by conducting continuous information security training for all employees.
   
 
Security at Manufacturing Sites and in Products Supply Chain Security External Activities and Strengthening of Information Security Human
Resources
 We are strengthening security at our manufacturing sites to ensure the safe and stable operation of our manufacturing systems. Furthermore, we are also implementing security measures, not only in our products, but also in our manufacturing processes and field support so that our customers can use our products and services with assurance. To protect the entire supply chain from information security threats, we regularly conduct information security assessments on our suppliers. We are working on the continuous enhancement of security measures by making improvements with our suppliers on identified issues We are contributing to the improvement of information security levels in the semiconductor industry and in society as a whole through external security activities such as initiatives for the standardization of security in SMCC*². We are also actively engaged in the recruitment and development of human resources that support information security.

ISO/IEC 27001: International standard for Information Security Management Systems

SMCC: Semiconductor Manufacturing Cybersecurity Consortium. A consortium that deliberates on strengthening cybersecurity within SEMI, an international semiconductor industry association