OCC Corporation Information Security Statement
Established: January 22, 2010
OCC Corporation ("OCC") positions the assurance of information security as an important management priority, and protects the information assets entrusted to us by our customers and business partners as well as our own information assets from cyber attacks and other threats. Furthermore, by providing secure products, systems, and services, we create the social values of safety, security, fairness, and efficiency, and contribute to the realization of a more sustainable society where everyone has the chance to reach their full potential.
Recognition as a management priority
- OCC recognizes that ensuring information security is one of the most important management issues, and positions investment in this area as an essential responsibility of corporate management. Our top management identifies risks, sets information security goals based on these risks, allocates the necessary management resources, monitors status of these efforts and achievement status of initiatives, and continually improves overall information security across the Group.
- OCC complies with the laws and regulations as well as the national guidelines, the social standards and norms related to information security.
Formulation of management policies and declaration of intention
- OCC discloses information security initiatives through The NEC Group annual Information Security Report and other means.
- If an incident security problem should occur, we respond immediately based on our business continuity plan to minimize the damage to the minimum, while locating the root cause to prevent the recurrence.
Establishment of internal and external systems and implementation of measures
- At the NEC Group, of which OCC is part, the Chief Information Security Officer (CISO) of NEC Corporation oversees the Group-wide information security strategy, which is supervised by the Board of Directors of NEC Corporation. In addition, Computer Security Incident Response Teams (CSIRTs) responsible for responding to security incidents have been established under the CISO.
- OCC establishes and implements internal regulations in accordance with this Statement, while making efforts to maintain our information security management framework and to protect information assets under our control appropriately.
- OCC implements appropriate human, physical, technological, and organizational security controls to protect its information assets from unauthorized access, leakage, alternation, theft/loss, destruction, obstruction of use, or any other threats.
- OCC seeks to solve social issues by actively recruiting talent with advanced knowledge of information security and creating opportunities for them to play an active role. We are also committed to promoting better awareness and providing education for all our officers and employees according to their job categories.
- OCC makes efforts to improve the information security level of the entire supply chain by promoting information security measures in cooperation with business partners.
Provision of secure products, systems, and services
- OCC makes efforts to ensure information security and privacy in all stages of the customer's business by implementing secure design and operation for the products, systems, and services we provide to our customers and to society.
Contributing to the establishment of a safe and secure ecosystem
- OCC participates in information sharing initiatives with information security-related organizations inside and outside Japan and actively provides information to help strengthen the level of information security of society as a whole.