Information Security

Information Security Information Security

Message from the CISO

Tadashi Iida Chief Information Security Officer SoftBank Corp. Tadashi Iida Chief Information Security Officer SoftBank Corp.

The COVID-19 pandemic has further accelerated digitalization and necessitated the push towards making everything online, causing major changes to our daily lives and corporate activities.

The keys to accelerating this change have been cutting-edge technologies such as 5G, AI, IoT, cloud computing, and big data. In particular, the promotion of digitalization through digital transformation (DX) helping to achieve labor-saving automation which coupled with the rapid evolution of AI has encouraged us to shift to a more creative and high-value-added work style. Meanwhile, control and data analysis using IoT sensors have made it possible to grasp minute changes and use them to make upfront investments and avoid risks by predicting the future.

Guided by our management philosophy of “Information Revolution — Happiness for everyone” we are actively investing and developing these fields in order to solve social issues, achieve SDGs, improve our customers' productivity, and provide more convenient and novel experiences.

The foundation for achieving this is advanced Information and Communications Technology (ICT), cutting-edge communications infrastructure, and information security. In recent years, security risks have become more diverse and sophisticated. Particularly from international hacker groups which have been more persistent in committing internal fraud and cyber attacks targeting remote work environments.

Our company is constantly monitoring and researching these threat trends, while proactively adopting cutting-edge technology to create an advanced security environment. Operationally we are further enhancing our 24/7/365 security monitoring and real-time response system, while educationally we are conducting training to instill a high level of security awareness in all employees. In terms of systems we are continually keeping our security policies and rules up to date.

By continuously evolving our information security and supporting the digital transformation brought about by DX, our customers will be able to use our services with peace of mind.

Tadashi Iida
Chief Information Security Officer
SoftBank Corp.

Policy

The Company has formulated and continues to adhere to its Information Security Policy and Privacy Policy to maintain the trust of customers and society by implementing comprehensive and advanced measures to address the risk of information leaks. The Company seeks to maintain information security through the appropriate handling of information assets and protection against a wide range of threats.

Information security
governance

The Company has established an information security management framework to comply with all laws, regulations, and other norms relating to information security, protect information assets, and defend against cyberattacks. The Company has formulated an Information Security Policy to be followed by employees; established the position of Chief Information Security Officer (CISO); and organized the Information Security Committee (ISC), chaired by the CISO, and the SoftBank Computer Security Incident Response Team (SoftBank CSIRT). These bodies review measures to ensure that they remain aligned with changes in the operating environment and technological innovation and share information useful for information security and cybersecurity measures.

If employees become aware of an information security incident, they must promptly report it to SoftBank CSIRT or the information security officer in their respective division, and information will be shared with and escalated to the CISO and the Information Security Committee, as necessary.

If a system failure caused by an information security incident occurs, the head of system operations and the CISO work together to assess the situation, examine response measures, and restore the system. In the event of a material incident, the Company establishes an emergency response headquarters headed by the President & CEO to address the issue and promptly reports to supervisory authorities, including the Ministry of Internal Affairs and Communications, in accordance with applicable laws and regulations.

Information security governance Information security governance

Information Security
Committee

The Information Security Committee (ISC), chaired by the CISO, is composed of the persons responsible for information security in each division. It is a cross-functional organization that promotes and manages information security initiatives. To ensure the effective execution of these initiatives, the Company has established the Information Security Committee Office to support their planning and coordination.

The roles of the ISC include, but are not limited to, the following:

  • Sharing information helpful to information security
  • Sharing Group-wide initiatives and plans related to information security
  • Assessing the latest status of information security across the Group and enabling improvements
  • Promoting information security training
  • Coordinating information security initiatives across departments

SoftBank CSIRT

The SoftBank CSIRT was organized to prevent security incidents and minimize damage by quickly responding to any incident that might occur. Under the CISO, the team consists of members from the Security Department and others appointed by the head of each department. The CSIRT Office works with the Information Security Committee Office and related organizations, both inside and outside the company, to support the team.

In order to prevent security incidents, SoftBank CSIRT collects and analyzes information on system vulnerabilities, requests responses, reviews response status, formulates security rules, provides security training, and issues warnings regarding potential security issues. In the event of an incident, the team follows an incident response flow and conducts incident response training.

When you discover a vulnerability regarding our website or services, please contact SoftBank CSIRT.

Security governance
of affiliate companies

The Company's group companies (subsidiaries and affiliates) have risk management governance structures in place to mitigate risks and prevent information security incidents and cyberattacks. They also assess and analyze security risks to identify and implement controls that reduce those risks.

The SBKK Group Security Committee, headed by the CISO, comprises members in charge of information security management at affiliate companies, where they share information on threats and solutions regarding information security. The Committee also conducts security training and coordinates responses when incidents occur. Additionally, the SoftBank Affiliate Company Security Guidelines stipulate matters to be observed and the governance structure necessary for each Group company to manage security appropriately.

Security measures

To protect various information assets, including customer information, the Company has established and maintains security governance structures, provides security checks and advice during internal service deployment and implementation, and conducts security assessments both prior to release and during ongoing operations. The Company also conducts security tests prior to service release and during operations. Furthermore, the Company operates a Security Operation Center (SOC) which monitors services and equipment, establishes regulations, collaborates internally and with other organizations, reviews its measures and considers new approaches by referring to the Cybersecurity Framework (CSF) of the US National Institute of Standards and Technology (NIST) and the CIS Controls of the US Center for Internet Security (CIS).

Protecting Customer Information Protecting Customer Information

Protecting Customer
Information

The Company takes measures to protect customers from information leaks and cyberattacks so they can use its services with peace of mind.

Learn more

Collaboration to Protect Cybersecurity Collaboration to Protect Cybersecurity

Collaboration to Protect
Cybersecurity

As an operator of telecommunication infrastructure vital to society and as a company providing innovative services by integrating telecommunications with cutting-edge technologies, the Company works with various external organizations to help improve security across society. SoftBank CSIRT represents the Company when it collaborates with external organizations.

Learn more

Continuous Security Enhancement Continuous Security Enhancement

Continuous Security
Enhancement

In response to the spread of digital devices and increasingly sophisticated cyberattacks, the Company strives to continuously strengthen security by adopting new technologies and methods, improve employees' security mindset through education, and train security specialists.

Learn more