The SoftBank Group addresses information security on a company basis in a variety of business segments, based on the SoftBank Group Charter and the SoftBank Group Guideline for Information Security Measures. The Group Information Security Committee meets regularly, sharing examples and issues at individual companies and laying the foundation for mutual cooperation in our activities.
Initially, information security addressed the safekeeping of customer data, and now measures are in place not only for the appropriate handling of information received from all stakeholders, but also to improve the system without compromising its convenience.
Companies have been working in recent years to establish risk management covering areas including internal controls, CSR and compliance, and we at the SoftBank Group are utilizing the experience we have gained through our information security activities to date, while at the same time working in cooperation with each segment to further refine the organization. We will continue to engage in information security activities going forward as a Group, to gain the further confidence of all stakeholders.
The SoftBank Group clearly designates the post responsible for information security across the entire Group through the position of Group Chief Information Security Officer (GCISO). The Group Information Security Committee (G-ISC), chaired by the GCISO, is tasked with accurately understanding the status of information security at each Group company and being able to quickly implement security-related measures when necessary.
The G-ISC meets regularly to aggressively promote information security measures and activities across the entire Group in several ways — organizationally, physically, technically, and in terms of personal matters.
The SoftBank Group Guideline for Information Security Measures is designed to ensure that all Group companies have a common understanding of appropriate measures for information security. These guidelines clearly set forth a policy for handling personal data and information assets in general, and help ensure that the entire Group is able to enforce rigorous protection against information leakage. The content is regularly reviewed to keep pace with technical innovation and changes to the business environment.
These guidelines clearly define a policy for information security measures in all aspects of the Group's operations, including organization, human resources, physical assets and processes, and technology, They specify the type of information security structure to be established by each Group company, and also define how to handle confidential information and personal information, develop and operate systems, conduct risk management, and manage employee training.
The SoftBank Group provides officers and employees with regular and ongoing education and training on personal information protection, to support a high standard of knowledge and ethical awareness.
Training is based on a dedicated handbook that contains details of information security policy and practice, and other programs, including e-learning and training sessions, are held as appropriate for the size and training background of the individual Group company concerned. Persons in charge of information security are able to pursue publicly recognized qualifications and attend meetings to learn from experts in related areas, and are encouraged to increase their knowledge and awareness through other such avenues. As a matter of principle, all persons employed in Group operations, rather than only regular employees, receive this training in order to ensure a high level of information security throughout the entire Group.