Information Security Initiatives

SoftBank Group is working to strengthen information security in accordance with the SoftBank Group Guidelines for Information Security Measures. Examples of major Group companies' initiatives are introduced below.

SoftBank Corp.

SoftBank recognizes its major responsibility as a communications service provider (for mobile communication services, broadband comprehensive services, fixed-line services and others) to strictly protect personal information received from customers, and abides by the communications privacy* provisions guaranteed by the Japanese Constitution.

With the goal of strengthening information security, SoftBank shares information and technology relating to information security initiatives across the company, works to create a structure for promoting information security activities, and conducts staff education and training through organizational, personnel, physical and technological measures.

On-site there are a high number of certified security experts, including Certified Information Systems Security Professionals (CISSPs), Certified Information Security Managers (CISMs), Certified Information Systems Auditors (CISAs), Japan Government Information Security Professionals (JGISPs) and those with Global Information Assurance Certification), who advance security measures.

As part of its efforts to ensure information security, Information Systems divisions and directly-owned SoftBank shops are being run by SoftBank in a manner compliant with ISO27001, an international standard for information security management systems. As retaining personal information at SoftBank shops is prohibited, high-security computers for customer registration have been introduced to prevent information leakage and ensure the information's security. Regular security inspections are also carried out at sales agents and shops, providing necessary instruction and education so that companies who provide outsourced operations can maintain the same securities standards.

[Note]
  • *
    One of the fundamental and inviolate rights guaranteed by the Constitution of Japan. In addition to the communication content, secrecy of communications is granted to related information such as the name and address of the correspondent and confirmation of whether or not communication has taken place.

Our four types of information security measures

Organizational measures

In line with SoftBank Group Guidelines for Information Security Measures, we have appointed a Chief Information Security Officer and instituted an Information Security Policy applicable to all staff throughout the organization.
The Chief Information Security Officer chairs the Information Security Committee, which enables us to share useful knowledge on information security and review measures that are adapted to technological innovation and changes in the environment.

Personnel measures

As a provider of various communications services, we are undertaking information security initiatives with the protection of customers' personal information as a top priority. We have also established and made public our guidelines and legal disclosure process related to personal information in Privacy.
Furthermore, to ensure the appropriate handling of information, and provide for its security in our daily work—particularly with regard to the secrecy of communications and protection of personal information—officers and staff are continuously working to improve knowledge and foster an ethical mindset concerning information security through regular training sessions, e-learning and ongoing educational activities. Data related to information security is available on our Intranet, which staff can access at any time.

Physical measures

In the actual operating environment, security has been divided into five levels, and access to respective locations is managed accordingly for each level. Anything Level 3 or above is categorized as a “high security area,” and personal information is handled only in these areas.
We have established rules specific to the high security areas to ensure thorough security management. For example, a customer support center designated as a high security area has rigorous security, with security guards, access card identification, and the use of transparent bags for personal belongings in order to prevent the carrying of prohibited items.

Technological measures

We monitor internal network use, individual server access, and the status of office computers in the Security Operation Center (SOC), designated as a high security area, with the aim of maintaining and managing security levels. Physical location of and network access for individuals and groups have been completely separated according to each security level.
With regard to office computers, we are tightening security by controlling access to unrelated websites and promoting thin-clients. This is done with the aim of keeping classified documents within the company at all times, and to limit access to websites unrelated to office work.

Information Security Committee

SoftBank appoints a Chief Information Security Officer (CISO) who chairs and periodically convenes the Information Security Committee (ISC). The ISC is composed of each division's persons in charge of information security, and seeks to promote and manage information security activities company-wide. In addition, in order to implement effective security measures, we have formed an Information Security Committee Office (ISC Office) for the rapid implementation and alignment of company-wide information security measures and plans.
SoftBank has appointed Chief Privacy Officers to determine policy related to the handling of personal information and to work to protect the personal information of customers and staff.

Role

As an interdisciplinary organization the Information Security Committee is working toward company-wide promotion and management of information security activities.

  1. Sharing of information beneficial to information-security activities
  2. Company-wide sharing of measures and plans related to information-security activities
  3. Understanding and improvement of information-security status company-wide
  4. Promotion and development of information-security education
  5. Coordination of information-security measures between divisions

For more on the information security activities of Group companies, please see their respective websites.

Group Companies