FUJIFILM Holdings

Information Security Policy

The Fujifilm Group establishes the Information Security Policy towards the maintenance and improvement of Information Security as one of critical issues in business activities in order to continue to be a reliable corporation under our open, fair and clear corporate culture, and to fulfill our social responsibility.

  1. Preparation and observance of information security rules
    We prepare documents such as regulations and guidelines and ensure that they are fully complied with to follow this Policy, as well as to comply with all applicable laws, and regulations enforced in the regions in which we conduct business.
  2. Establishment of information security management organization
    We clearly define the organization structure and responsibilities to implement information security measures appropriately and reliably. Under our information security management organization, we, as a member of society, appropriately provide information and actively collect information from external information security organizations.
  3. Information security education
    We endeavor to raise awareness through enlightenment, education and training to implement information security measures appropriately and reliably.
  4. Continuous improvement of information security measures
    We review various measures as necessary for continuous improvement based on risk assessments to respond to changes in legal or regulatory requirements and new information security risks such as cyberattacks. We also maintain and improve supply chain security of business partners and other parties.
  5. Maintenance and protection of information assets
    We protect critical information including customer information, information of business partners, and company technical information from threats of leak, falsification, and loss by observing our code of conduct. We endeavor to ensure information security of our products and services to protect customer information. In case of a security incident, we will minimize the impact by a prompt initial response such as the prevention of damage propagation, and taking recurrence prevention measures.
  6. Compliance with laws and regulations
    We comply with information-security-related laws and regulations enforced in the regions in which we conduct business, as well as contracts with customers and business partners.

Adopted May 2013. Revised April 2021