The Brother Group Information Management System
The Brother Group established the Brother Group Information Management Regulation in conformity with the information security management system (ISMS), considering the proper management and protection of information as the basis of maintaining its management quality.
This regulation places the Information Management Committee of Brother Industries, Ltd. (BIL) at the top and clarifies the roles of regional representative companies for the Americas, Europe and other regions, giving them responsibility for information management activities conducted by the subsidiaries under their supervision. This structure ensures the delivery of decisions made by the Information Management Committee throughout the whole group, and also makes it easier to grasp the status of information management in respective subsidiaries.
As for a wide variety of information handled within the company, we manage it in accordance with the Brother Group uniform security criteria. The criteria divide information into four levels based on its confidentiality and lay down rules on the storage, access, and disposition of information for respective levels, thereby enhancing the security of the information.
Four information management levels based on confidentiality
Strengthening Measures to Prevent Information Leakage
Measures against unauthorized access from outsiders
Regarding unauthorized access invading from outside the company, we detect suspicious access at three stages, which include entrances from the Internet, the corporate intranet, and exits to the Internet, to prevent information leakage. As countermeasures against targeted attacks by e-mail, we, for example, delete suspicious mails at the entrances from the Internet and monitor and delete malicious programs like computer viruses on the corporate intranet. In addition, communication to dangerous servers is blocked at the exits to the Internet, in order to avoid information leakage.
Measures against internal wrongdoings
We issued the rules for the handling of information in the company and have been disseminating them to our employees through e-learning, etc., to prevent the employees from engaging in risky behavior by mistake.
We install security tools to each PC to manage the usage records and inform employees of this management aiming to prevent their wrongdoings.