Information Security Management System
Basic Approach
As the advanced information-telecommunication society evolves and use of information increases exponentially, appropriate protection of the informational assets held by a company becomes a social responsibility, while appropriate usage of the same assets becomes the foundation of the company's competitiveness. As a provider of comprehensive financial services in Japan and abroad, we believe that appropriate protection and use of informational resources are extremely important issues.
We are striving to strengthen our information security management system, defining information security management as all acts associated with the appropriate protection and use of group informational assets. This includes adopting information security management measures to ensure the confidentiality, integrity and availability of our informational assets, and responding to requests for disclosure from "data subjects" (the people to whom specific information pertains) concerning personal information.
Overview of the Information Security Management System
We have clarified the group management system as well as management methods for information security management, and each company has drawn up its own regulations concerning information security management. We are also building an information security management system, stipulating that the compliance departments of the individual companies are to act as information security management departments.
The chief executive officer of MHFG appoints a chief information security officer who supervises planning, proposals and implementation in connection with overall group information security management, and the information security management committee handles discussions and coordination of cross-divisional issues relating to overall group information security management. In addition, the Information Security Management Office has been established within the Compliance and Legal Affairs Division to specialize in information security management and provide centralized monitoring and control of the information security management situation at our principal banking subsidiaries and other core group companies. The information security management situation at subsidiaries of our principal banking subsidiaries and other core group companies is monitored and managed by our principal banking subsidiaries and other core group companies themselves. In every organizational unit, the head of each unit is also responsible for information security management, and an information security management officer is appointed to check on how information is handled and ensure that personnel are fully aware of and well trained in safety management measures.
Based on this information security management system, we have drawn up and published the Privacy Policy Regarding Customer Information* that complies with Japan's Law Concerning the Protection of Personal Information. We are also building a system to deal with requests for disclosure, and strengthening our safety management measures.
- *The Privacy Policy Regarding Customer Information includes the policy and procedures for management of customer information. Our group companies have each established privacy policies regarding customer information, which are published on their individual websites, in annual review, and via other disclosure tools.
- Information Security Management System
(As of Jun 21, 2011)
