Basic Approach
The Kaga Electronics Group considers the proper protection of its information assets a core management priority, essential for ensuring business continuity and maintaining the trust of society.
In recent years, as cyberattacks have become increasingly sophisticated and digitalization continues to advance, the information security risks facing companies have grown rapidly. The Group recognizes that safeguarding information assets against a wide range of threats—including cyberattacks, human error, unauthorized access, and risks arising from third-party service providers—is a critical corporate responsibility.
To advance its information security, the Group has established a Basic Information Security Policy and Group Information Security Guidelines as the foundation for its initiatives. By continuously improving our integrated technical and organizational measures, the Group remains committed to preventing and mitigating information security risks.
Promotion Structure
The Group regards information security as a core management priority and has established a company-wide management structure to support it.
The Risk Management Committee and the Compliance Committee, operating under the Sustainability Committee, oversee information security-related risks.
In addition, the Group appoints information security officers and managers, while the Information Systems Department is responsible for day-to-day operations. Together, these functions ensure the proper management of information assets and the implementation of security measures across the Group.
Through these initiatives, the Group continuously works to enhance the effectiveness of its security management practices, including identifying information security risks, implementing countermeasures, and responding promptly to incidents.
Key Initiatives
The Group implements a comprehensive set of information security measures that integrate organizational controls, technical safeguards, and employee training to properly safeguard information assets and reduce risks such as cyberattacks and information leaks.
● Establishment of information security guidelines
The Group has established the Group Information Security Guidelines to standardize the management of information assets and the implementation of security measures across the organization.
Compliance with these guidelines is regularly assessed to provide a visualization of the Group’s overall security posture and to drive continuous improvement.
● Technical security measures
To address threats such as cyberattacks and unauthorized access, the Group strives to protect its information assets and reduce information security risks through the adoption of state-of-the-art cybersecurity solutions.
● Employee information security training
The Group provides annual information security training to all employees to enhance individual security awareness.
New employees also receive information security training during onboarding to ensure they understand the importance of safeguarding information assets and the fundamental rules governing their use.
● Cyberattack simulation exercises
The Group conducts simulated targeted email attacks to enhance employees’ ability to respond to suspicious emails and to raise awareness of cyberthreats.
These exercises strengthen employees’ preparedness and help ensure they can respond appropriately to cyberattacks.
Incident Response
The Group has established procedures for responding to cyberattacks and maintains a framework that enables timely action when information security incidents occur.
In the event of an incident, such as an information leak or unauthorized access, it is promptly reported to the relevant departments, the scope of the damage and impact of the incident are assessed, and necessary measures are implemented without delay.
The Group also analyzes the causes of incidents, considers measures to prevent recurrence, and continuously works to improve its information security management practices.
ISO/IEC 27001 Certifications for Information Security Management Systems
To support the continuous improvement of its information security management, the Group pursues external certifications as appropriate. Several of the Group’s business sites have obtained ISO/IEC 27001 certification, an international standard for information security management, and the Group continues to maintain and operate its information security management frameworks in accordance with international standards.