Information Security
Approach/Promotion System
Basic Approach
Recognizing it as a vital management issue, Canon conducts Group-wide information security initiatives in line with the fundamental principles of information security regulations. Since information security poses potentially major and direct business risks to Canon operations, we have created an information security promotion system as part of our risk management approach.
Information Security Promotion System
Canon has constructed a system for the rapid collection and reporting of information on any information security-related incidents, based on the Risk Management Committee established through a Board resolution.
Any incidents that occur must be reported to the Information & Communication Systems Headquarters. Depending on the circumstances and the business implications, they are also reported to the CEO and Board of Directors via the Risk Management Committee. Moreover, the Group Executive in charge of the Information & Communication Systems Headquarters is the senior executive in charge of information security at Canon Inc. and has decision-making responsibility for information security measures. The executive oversees the Information & Communication Systems Headquarters, which is the organization responsible for managing information security across the Canon Group.
The Information & Communication Systems Headquarters is also responsible for any input into medium-term business planning relating to information security, prior to CEO approval.
CSIRT* is a dedicated team for dealing with information security incidents established inside the Information & Communication Systems Headquarters. Canon CSIRT joined the Nippon CSIRT Association (NCA) to strengthen collaboration with CISRTs of other companies.
The Information & Communication Systems Headquarters formulated the Canon Group Information Security Rules to ensure that uniform measures and a consistent approach to information security are applied across the Group, both in Japan and overseas.
Each Group company creates regulations and guidelines based on these rules in line with its needs and conducts related training and awareness activities.
- * Computer Security Incident Response Team. This is a dedicated, organized group that deals with incidents involving computer security.
Information Security Management System
Information Security Training & Development
In order to maintain and improve information security, Canon is focusing on raising awareness among employees who use information systems.
Canon executives and all employees undergo annual information security training using an online platform. Roughly 23,000 employees of Canon Inc. received the information security training in 2024. Course content focused on improving information security literacy, including vulnerability risks and related mitigation measures, and critical points to consider when web conferencing.
In addition, special training sessions based on a targeted email attack were conducted involving roughly 60,000 Canon Inc. and Group company employees. This was intended to provide practical instruction in how to respond appropriately to suspicious emails and thus avert widespread damage. Specifically, newly hired employees unaccustomed to using email in the work environment received separate training to reinforce their awareness.
Information Security Audits
The status of each Group company’s information security measures is confirmed by means of internal inspections based on the Canon Group Information Security Rules as well as through periodic audits by the Information and Communications Systems Headquarters, and improvements or revisions are made as needed.
In 2024, information security audits were conducted at 23 Group companies in Japan and 27 Group companies overseas. No major security risks with business implications were detected through these audits.
External Certification
Canon Inc.’s information security division has acquired ISO 27001 certification, the international standard for building and operating information security management systems.