Sustainability

Social(S)

Customer Satisfaction and Product Responsibility

Sustainability

Product Information Security Basic Policy

The Brother Group's mission is to place our customers first everywhere, every time, with the "At your side." policy. In order to provide secure products from Information security point of view and ensure that customers can use the purchased products with confidence, we establish the following basic policy to firmly implement and promote this.

1. Compliance with laws, regulations and contracts related to information security

We shall understand and comply with information security related laws and regulations of each country, and contracts with customers and partner companies.

2. Company regulations and organizational structure

In order to maintain and improve the information security level of Brother products, we shall establish internal rules concerning product information security, build a company-wide organizational structure and make continuous improvements as advised by top management.

3. Response to product information incident

Regarding the use of Brother products, if an information incident, reputational damage, violation of laws and regulations occurs, or if such a risk is discovered, we will make efforts to minimize damage. This can be through investigation of the cause of incident, investigation of the scope of impact, risk assumption, implementation of necessary measures, promptly providing necessary information to customers, partner companies, and other external organizations related to security. We will also implement corrective measures to prevent recurrence.

4. Prevention of product information incident

To prevent product information incidents, we shall establish standards and implementation procedures, and implement security measures throughout the full product lifecycle of planning, research and development, manufacturing, market use, repair, and disposal.
In addition, we will continuously review the standards and implementation procedures, and reflect countermeasures against new threats in products.
And we will continue to send information for customers to use the product securely.

5. Implementation of education on product information security

In order to ensure that all officers and employees involved in product information security can perform their work with information security literacy, we shall thoroughly familiarize them with this basic policy and continue to implement education on product information security.

Structure and Initiatives Related to Product Information Security

Brother Industries, Ltd. (hereinafter referred to as "BIL") has built a company-wide organizational structure to maintain and improve the Brother Group's product information security level, and is promoting various initiatives to respond to and prevent product information incidents.

B-PSIRT

BIL has established the Brother Product Security Incident Response Team (B-PSIRT) as an organizational structure for responding to product information incidents of the Brother Group. B-PSIRT works to prevent information incidents arising from the products of the Brother Group, and in the event of an incident, strives to provide confidence and safety to customers and society through swift response and other measures.

Structure of B-PSIRT

B-PSIRT is established within the Information Management Secretariat of BIL's Information Management Committee. It comprises the B-PSIRT Secretariat, which oversees and supports the PSIRT*1 activities of each business, as well as the respective businesses' PSIRTs which work with the respective businesses' product, development, and business structures to respond to information incidents that has occurred.
B-PSIRT has an external hotline for vulnerability reports to receive information related to products of the Brother Group, such as vulnerabilities and threats, from those who discover vulnerabilities, such as external agencies related to product information security, companies, and individuals.

Structure of B-PSIRT

Structure of B-PSIRT

  1. Abbreviation of Product Security Incident Response Team, which is an organization for responding to security incidents related to each company's products
  2. Abbreviation of Japan Computer Emergency Response Team Coordination Center
  3. Abbreviation of Information-technology Promotion Agency
  4. Abbreviation of Computer Security Incident Response Team, which is an organization established within the information department of companies and other organizations for responding to events which occur in internal systems, etc. that may lead to security problems

Initiatives of B-PSIRT

B-PSIRT initiatives such as those below for products of the Brother Group.

Type Overview
Violation of laws, contracts, etc. In the functions of Brother's products, or in the process of product use by customers
  • Understanding and responding to different countries' laws, regulations, and standards regarding information security
  • Responding when there are violations, such as in the contractual terms with customers (End-User License Agreement, privacy policy, etc.) and partner companies
Handling of information incidents* Responding when there are information incidents that cause damage to customers who use Brother's products as well as other individuals and companies
Handling of vulnerabilities
  • Responding to vulnerabilities in information security related to Brother's products
  • Investigating and responding to impact on operational IT infrastructure based on information about threats and vulnerabilities
Prevention activities
  • Conducting vulnerability investigations for Brother's products
  • Implementing secure development process
  • Implementing security measures for Brother's products
Awareness and education
  • Raising awareness about product information security to all employees
  • Conducting training for employees working in development and promoting the attainment of security qualifications
  • Undesired or unexpected problems and incidents in business operation and information security, such as unauthorized access and information leaks

Collaboration of organizations related to product information security

BIL is registered with JPCERT/CC as a product developer and undertakes responses based on the Information Security Early Warning Partnership.

Activities to prevent product information security incidents

Secure development process

B-PSIRT promotes the secure development process, which implements security measures in the product lifecycle from planning to disposal, so that customers can use products safely and with peace of mind.

Secure development process in product lifecycle

Secure development process in product lifecycle

Response process during occurrence of product information security incident

BIL has established the escalation process* when there is a product information security incident or when a suspicious event has been discovered. We strive to response appropriately to the incident and limit damage and losses to the minimum.
When a product information security incident occurs or a vulnerability is detected at a company or organization within the Group, the respective organization's PSIRT person-in-charge will grasp the situation and report to the B-PSIRT Secretariat.
The reported incident will be shared with the management and relevant organizations depending on the details and measures to prevent reoccurrence will be undertaken. Urgent and critical cases will be immediately reported to the Chairman of Information Management Committee and executive officers supervising related businesses, and we will seek to minimize damage by responses such as actions to prevent the spread of damage faced by customers and disseminating information about avoidance methods.

Response process during occurrence of product information security incident

Response process during occurrence of product information security incident

  • This is a procedure for reporting to the superior (organization) to undertake response at a larger scope during the occurrence of an urgent major incident

Disclosure of product information security information

Information regarding vulnerability of Brother's products as well as information about methods for solving or avoiding problems caused by vulnerabilities are disclosed on the website, translated into 22 languages, so that customers can check them.

Security support information

External evaluation and certification regarding product information security

With the spread of IoT devices*1, there are increasingly more cyberattacks targeting them. In the domain of business machines such as printers and All-in-Ones which are used in a variety of environments, there is rising importance for security measures due to the rapid spread of remote work and telecommuting.
Under such circumstances, BIL has strengthened the information security of its products and obtained external evaluations and certifications.

Passed the rigorous testing of the BLI Security Validation Program

BIL's printers have passed the Device Penetration Testing of the Buyers Lab (BLI) Security Validation Program from Keypoint Intelligence, an independent research and testing agency in the United States, and obtained the Security Verification Testing Seal.
The Security Validation Testing Seal is a certification that indicates that a product has passed the device penetration testing offered by Keypoint Intelligence and indicates that the device firmware and OS contained no serious vulnerabilities likely to be exploited by an outside hacker.

Logo_ BLI Security Validation Testing

For more information, including a list of products that have passed the BLI Security Validation Program, please visit the Security Validation Program website.

Compliance with BMSec (Business Machine Security Program)

As part of efforts to strengthen product information security measures of printers and All-in-Ones, BIL complies with the Business Machine Security Program (BMSec*2) by the Japan Business Machine and Information System Industries Association (JBMIA).

Logo_BMSec

For information and details about products that comply with BMSec, please see the official website of BMSec(the link to the site of "JBMIA")(in Japanese).
* BMSec is a registered trademark of Japan Business Machine and Information System Industries Association.

BMSec is also introduced on Brother's product information website.

  1. Devices which can pass information and orders to each other through LAN or the Internet
  2. This is a program where manufacturers and sales companies carry out self-evaluation of compliance with the Security Guidelines for Business Machines with Network Functions formulated by JBMIA and declare compliance, while JBMIA confirms and discloses compliance results

Efforts for personal information protection

In the Brother Group, personal information protection policies or privacy policies are formulated at Group companies following the Codes of Practice under the Brother Group Global Charter. For products, personal information is also handled by Group companies in accordance with the aforementioned Codes of Practice.

Basic Product Safety Policies

Brother Industries, Ltd. (hereinafter referred to as "BIL") stands on the principles that offering products to meet customer needs is our way of contributing to society, that product safety is our basis for quality assurance, and that delivering safe products to customers must be our top priority. Based on the above principles, BIL has established "Basic Product Safety Policies" as described below that are to be observed at BIL and its group companies in order to ensure the safety of our products.

1. Compliance with Regulations

We will commit ourselves to comply with regulations, guidelines and other rules relevant to product safety, and to behaving with ethical standards while paying serious attention to the standards of safety culture.

2. Establishing and Practicing Voluntary Action Plans

Based on the above basic policies, we will establish, practice, and continuously upgrade voluntary product-safety action plans in order to realize product safety based on our credo that "customers" and "product safety" come first.

3. Securing Product Safety

In order to offer safe and reliable products to customers, we will establish voluntary safety criteria and continuously upgrade them in addition to observing the safety criteria stipulated in applicable laws and industry standards. In addition, we will do our best to provide safe and reliable products by giving necessary education and training to our employees to ensure product safety and prevent accidents resulting from product failures.

4. Collection and Disclosure of Information Related to Product Failures

We will actively collect information relevant to product failures from customers, and disclose such information to customers at an appropriate time and in an appropriate manner.

5. Reporting Product Failures

If a serious product failure occurs, we will immediately report the factual details about the failure to the responsible authorities as ordered by their decrees.

6. Product Recall

If a product failure accidentally occurs, we will immediately collect facts about the failure and investigate the cause. Furthermore, if necessary, we will take every measure required to prevent the occurrence of further hazards or expansion of the existing hazard by reporting the facts to customers and recalling affected products.

7. Measures for Preventing Improper Use

We will do our best to prevent accidents resulting from improper or careless use of our products, by placing reminders in instruction manuals and on products to reinforce correct use.

Brother Industries, Ltd.
Representative Director & President

Efforts Regarding Product Safety

Safety Data Sheets (SDS)

To allow our products to be used safety, BIL creates Safety Data Sheets (SDS)—by language and product—that consolidate information such as the safe handling of chemical substances found in products.

For details, please see the download site for Safety Data Sheets (SDS).

Safety Data Sheets (SDS)

Share This Page