The SoftBank Group's information security initiatives are based on the SoftBank Group Guideline for Information Security Measures. Examples of measures adopted by major Group companies are as follows.
SoftBank Mobile recognizes its legal and social responsibilities as a provider of mobile phone services, and has been implementing information security measures that give the highest priority to safekeeping customers' personal information and protecting the confidentiality of telecommunications.
SoftBank Mobile has completely separate physical locations and network access for individuals and groups according to each security level, and every effort is made to enhance information security by sharing relevant knowledge and technology between SoftBank BB and SoftBank Telecom.
In addition, as part of its efforts to ensure information security, SoftBank Mobile has been running operations at all of its directly managed SoftBank shops* in a manner compliant with ISO27001, an international standard for information security management systems. Regular security inspections are also carried out at sales agents and shops, with necessary instruction and education provided so that companies that provide outsourced operations can maintain the same security standards.
SoftBank BB is a provider of comprehensive broadband services through Yahoo! BB, which operates Japan's largest number of lines, and as such takes a comprehensive approach to information security. SoftBank BB has established an Information Security Policy applicable to all employees throughout the organization. This policy includes having a designated post with responsibility for information security management, and running an Information Security Committee. SoftBank BB also appoints an information security manager in each department to help ensure a robust system.
A Security Operation Center (SOC) has been established to address both technology and operations, and dedicated staff members are on duty around the clock, 365 days of the year to monitor internal security and carry out internal audits. The SOC undertakes detailed monitoring of office computers, internal networks and server access, and rule violations are dealt with promptly and strictly.
In the actual operating environment, security has been divided into five levels, and access to respective locations is managed accordingly for each level. Anything Level 3 or above is categorized as a “high security area,” and personal information is handled only in these areas. For example, a customer support center designated Level 3 has rigorous security, with security guards, access card identification, designated uniforms, the use of transparent bags for personal belongings in order to prevent the carrying of prohibited items, and careful layout of work stations and monitors to ensure the transparency of work processes.
At the same time, SoftBank BB provides officers and employees with education on personal information protection, including training sessions and e-learning. Further information on information security is posted on the intranet for employees to browse through at any time.
The Information Systems departments of SoftBank BB, SoftBank Telecom and SoftBank Mobile have each received ISO27001 certification — an international standard for information security management systems — for the operation of their internal systems, systems monitoring, and security monitoring.
SoftBank Telecom recognizes its legal and social responsibilities as a provider of fixed-line telecommunication services, and has implemented strict measures to maintain confidentiality of telecommunications and protect personal information.
SoftBank Telecom operates an Information Security Committee, chaired by the information security officer, which conducts comprehensive risk assessment of owned information assets, and is responsible for the establishment of the Company's Information Security Policy.
Regular educational activities are provided for officers and employees. These are mainly focused on providing participants with the knowledge and tools required to enable rigorous protection of communication privacy and personal information in their day-to-day work activities.
Further enhancement of information security is addressed by controlling physical and network access by individuals and groups according to their respective security levels. For employees who telework from outside Company premises, communication security measures include individual authentication and data encryption when accessing internal networks via the Internet, and IC card authentication and file encryption to prevent information leakage even if an employee's laptop computer is lost or otherwise compromised.
Moreover, as part of its efforts to ensure information security for its customers, many divisions of SoftBank Telecom have obtained ISO27001 certification, an international standard for information security management systems.
Yahoo Japan Corporation operates Yahoo! JAPAN, one of the biggest portal sites in Japan, and prioritizes the assurance of information security and protection of customers' personal information. Core policies and procedures are outlined in the Declaration on Information Security, Policy for Personal Information Protection, and Information Security Guideline. Overall information security is managed from a medium- to long-term perspective by the Information Security Division, supported by similar information security offices in every department providing services to customers.
A number of measures are in operation 24 hours per day to ensure customer safety and security. These include a Bulletin Board Posting Patrol, which is used to prevent phishing activities and fraudulent entry to the auction site and also to check for any misuse in the finance category. It also administers the status of personal information posted on blogs or through other such media, based on Company guidelines. At the same time, Yahoo Japan works to raise customer awareness of information security by providing authoritative information at the Yahoo Japan Corporation Security Center (Japanese only), which explains important matters such as how to choose and manage passwords and how to deal with computer viruses.
As a part of its information security effort, Yahoo Japan has developed iTres, a system to authenticate the ISMS authentication standard (Ver. 2.0) and to monitor for information leaks from databases. It has also received ISO15408 certification, an information technology security evaluation standard.
IDC Frontier, a cloud service and data center service provider, makes company-wide efforts to ensure and maintain service quality and security.
As of the end of September 2012, all of IDC Frontier's offices and data centers have obtained ISO/IEC27001: 2005 (JIS Q 27001: 2006), a certification standard for information security. IDC Frontier provides quality services from its 10 data centers nationwide, with operations, management and maintenance running 24 hours a day, 365 days a year.
The quality and operations of its cloud service are compliant with the Information Security Management Guidelines for the Use of Cloud Computing Services issued by the Ministry of Economy, Trade and Industry in April 2011.
IDC Frontier is committed to ongoing efforts to improve its level of security.
SOFTBANK Frameworks is a provider of distribution services, and positions the protection of customers' information assets as its highest priority in information management. Its Security Policy outlines best practice in information security for all officers and employees, and this policy is supported by action guidelines and personal information protection management systems to ensure proper implementation of security policy in regular business activities through a sound organizational structure.
As part of its information security efforts, SOFTBANK Frameworks has received ISO/IEC27001: 2005 (JIS Q 27001: 2006), which is a certification standard for information security, and JISQ15001: 2006, which is a privacy mark certification.
SoftBank Payment Service operates mainly in the settlement processing business, and strives to protect customer information in the following three areas:
In fiscal 2007, SoftBank Payment Service joined the Council for Personal Information Protection and participated in the Information Security Movement Community. In addition to earning relevant certification, it will continue to promote the rigorous protection of personal information through a range of appropriate measures.