Governance
Governance | Risk Management | Ethics and Compliance | Information Security | Executive Compensation | Tax Policy
Information Security Policy
Society’s trust is vital to any business. We established an Information Security Policy in order to appropriately protect not only information entrusted to us by our customers and business partners, but also all information assets handled by our Group.
Compliance with Laws and Regulations
We strictly adhere to all laws, national guidelines and regulations related to information security, and company regulations.
Operational System
We have built an operational system for information security measures and will continue to both maintain the system and implement improvement activities.
Management of Information Assets
In order to ensure information security, we have established and will continue to manage the correct handling of information assets in accordance with their importance.
Education
In order to raise the awareness of all our employees and executives, we provide education on items that need to be implemented in everyday operations, including laws and regulations related to information security, governmental guidelines or company regulations. We also share how our information security management system works with our customers.
Accident Prevention and Response in the Event of an Accident
We strive to prevent information security accidents from happening. In the unlikely event of an accident, we will take measures to minimize its impact, investigate the cause promptly, and take appropriate measures to prevent any recurrences.
Cybersecurity Program
Oversight
Renesas has robust executive oversight for its ongoing security program.
- The Security Council led by CEO and the Chairman of the Board
- Information Systems Division led by Senior Director of Global Information Security
Testing and Vulnerability Management
We conduct penetration tests on a regular basis and benchmark our control maturity with external advisors. In case of a cyber attack or other disaster, we have an information security disaster recovery plan and a specialist playbook in place to ensure business continuity.
Our most recent assessments include:- Annual external infrastructure and web application penetration testing (October 2024)
- Cybersecurity incidence response exercise (September 2022)
- Benchmarked quarterly cyber controls assessment
Employee Training
We recognize that employee education is crucial and provide training and refreshers on cybersecurity best practice to all employees of Renesas and its subsidiaries. We have been conducting Cyber Security Awareness Training throughout 2023.