Information Security

Information Security Policy

The Kawasaki Group provides products to a diverse range of customers, from general consumers and the public sector to the Self-Defense Forces, and constantly works toward maintaining and improving its information security to protect information relating to our customers and suppliers as well as information on our businesses to suit the requirements of each customer sector.
The necessary information security management practices have been established as corporate regulations to ensure compliance with domestic and international laws and contracts with clients and to protect our businesses. These corporate regulations comprise Rules for Information Management, as the underlying policy, along with various standards for establishing administrative management guidelines, including the development, implementation, and use of information systems.
The Kawasaki Group recognizes that ensuring information security is a corporate social responsibility and considers it an important management challenge related to business continuity. In order to manage and protect information handled by the Group as an important asset, we have established the following information security policy and aim to ensure proper operations in our business activities.

Information Security Management Structure

Led by the Head Office DX Strategy Division, we are bringing together the strengths of all internal companies to strengthen the Group’s cyber security. Each internal company also has an information system department that implements security measures based on Company policy.
We have established a dedicated framework under the Corporate Risk Management System to handle information security management for the Group. We adhere to a management cycle with an emphasis on rules, training, and technology measures to address constantly changing information security risks while systematically implementing, maintaining, and enhancing information security measures.
In addition, Benic Solution Corporation, a subsidiary that handles the Group’s data center, has acquired ISO 27001 certification, an international standard for information security management, and strives to uphold a high level of operational reliability.
We implement vulnerability analyses of the servers of our demilitarized zone (DMZ) network, which connects internal systems with the outside network, both in-house and with the help of security vendors. Furthermore, we have implemented systems to prevent unauthorized access to data from outside as well as information leaks from inside and to stop the spread of computer viruses as well as systems to check for illicit activity.

Information Security Management System

Information Security Management System

Director Responsible for DX Strategy (CISO): Hiroshi Nakatani, Representative Director, Vice President, and Senior Executive Officer

Executive Officer Responsible for Cyber Security: Hironobu Urabe, General Manager of DX Strategy Division and Executive Officer

  • The Director in charge of DX strategy takes on the role of CISO and chairs the Information Security Committee.
  • The General Manager of the DX Strategy Division oversees the execution of the cyber security strategy as executive officer and has jurisdiction over the Cyber Security Group, which is the management department. Further, the Cyber Security Group within the DX Strategy Division is the Information Security Supervisory Department and is responsible for cyber security practices.
  • Incidents and response status related to cyber security are reported to the Director responsible for DX (CISO) through the Information Security Committee by the General Manager of the DX Strategy Division who is the officer in charge of the Cyber Security Group.

Information Security Education and Training

We conduct regularly education and training focused on information security for Kawasaki Group employees.
This instruction covers laws and social customs as well as corporate rules and examples of incidents, and course content is tailored by position, with content for newly hired employees, general employees, and managerial staff. Training includes regular drills using simulations of targeted attack phishing emails to help employees learn how to avoid damaging situations, such as cyberattacks and online crime, which can occur in the course of daily business operations.


2017 2018 2019 2020 2021
Information security training participants - 8,394 9,866 17,779 19,033

Number of Violations, Details of Violations, and Actions Taken

There were no cases of violations pertaining to information security in fiscal 2021.

Personal Information Protection

Kawasaki abides by its Privacy Policy, a basic policy for protecting personal information. This policy is disclosed. Further, we control personal information by such means as appointing a personal information administrator, establishing corporate regulations titled Personal Information Protection Rules, and issuing the Personal Information Protection Manual, which explains the rules clearly for employees. In 2020 we established the Kawasaki Group Policy on the Protection of Personal Information, laying out Group-wide rules for the proper handling of personal information.
In accordance with the revision of the Act on the Protection of Personal Information of Japan in April 2022, we revised relevant corporate regulations, the Privacy Policy and the Personal Information Protection Manual. For the control of personal information, such measures are taken as constructing the security control systems for the personal information possessed by each division and preparing and regularly updating the personal data handling ledger in which the handling status of such personal information can be checked.
With regard to personal information in the Company’s possession, we have put in place a structure that ensures a prompt response to requests from individuals related to their own personal information, such as requests for disclosure or discontinuance of utilization.

Response to the General Data Protection Regulation

The Kawasaki Group has established corporate regulations regarding compliance with the European Union’s and UK’s General Data Protection Regulation (GDPR), laying out rules for the proper handling of personal information covered by the GDPR.


If you need more information about our business,
please feel free to contact us.