Information Security
Basic Approach
Under “Corporate Governance Guidelines,” “FANUC Code of Conduct,” “Privacy Policy,” and all of which have been announced as its governance systems, FANUC protects important information assets and makes efficient and effective use of them in compliance with laws and regulations, rules, contracts, and other requirements.
Promotion Framework
The Information Security Committee, under the leadership of the Chief Information Security Officer (CISO) and the Chief Information Officer (CIO), was newly established in December 2019 as an information security system to control and manage information security activities.
CSIRT/SOC
- Ensures the stable supply of our products and services to customers by giving instruction on how to promptly respond to information security incidents caused by cyberattacks (analysis of the type of cyberattack/impact on business, interim/permanent responses) and providing a swift resolution.
- Prevents information security incidents from occurring by collecting information on vulnerabilities, sharing such information within the company, and understanding and controlling the status of response to vulnerabilities.
Establishment of PSIRT
We are currently working on the establishment of the FANUC PSIRT (Product Security Incident Response Team), which is designed to, as an engine for the realization of the Cyber/Physical Security Framework (CPSF) formulated by the Ministry of Economy, Trade and Industry which we aim for, contribute to ensuring security of FANUC products by indicating how to prevent security risks in business and promoting security activities involving customers and other stakeholders inside and outside the company in an efficient and sustainable way.
Initiatives
Recognizing that risks associated with cyberattacks and other threats are priority management issues, FANUC strives to strengthen information security by appropriately allocating resources to cyber security measures, under the initiative of the management.
Declaration of Cyber Security Management
In support of ”Declaration of Cyber Security Management 2.0” updated by Japan Business Federation in October 2022, we have developed ”FANUC Declaration of Cyber Security Management” to reinforce our cyber security measures actively taken at the initiative of the management.
Acquisition of ISO 27001 Certification (ISMS activities)
Under “Corporate Governance Guidelines,” “FANUC Code of Conduct,” and “Privacy Policy,” all of which have been announced as our governance systems, we have established and implemented an information security management system and a basic information security policy in order to ensure the protection of important information assets and the efficient and effective use of them in compliance with laws and regulations, rules, contracts, and other requirements.
IS656789 /ISO 27001
Corporate Administration Division, Research & Development Division, Sales Division (Headquarters),
Products Manufacturing Division and Products Management Division.
December/2016: Research & Development Division acquired ISO27001
December/2017: Sales Division (Head Office) acquired ISO27001
December/2018: Corporate Administration Division acquired ISO27001
December/2019: FA Products Manufacturing Division and Products Management Division of Headquarters acquired ISO27001
December/2021: Products Manufacturing Division of Headquarters acquired ISO27001
December/2022: Products Manufacturing Division of Tsukuba and Mibu acquired ISO27001
December/2023: Products Manufacturing Division of Hayato acquired ISO27001
Information Security Training
1.We believe that the most important information security measures are to improve employee knowledge of information security and to inform them of the procedures to be followed in the event of an incident, and we conduct annual information security training(e-learning) for employees.
In addition, we conduct training for targeted email attacks, which are becoming more common.
2.FANUC considers information security measures at domestic and overseas affiliates to be important in light of the recent increase in attacks on supply chains. FANUC conducts annual information security training for these companies.