NTT

NTT

Skip Navigation

NTT HOME

About NTT Group
Press Release
Group Companies
Social/environmental Initiatives
About NTT Corporation
NTT Facts
To Investors
R&D
Career Opportunities

NTT HOME  >  NTT Group CSR  >  Safe and secure communication  >  Ensuring information security

This is the text.

Creating a Safe and Secure Environment for ICT Users

Ensuring information security

NTT-CERT provides security support for NTT Group companies

NTT-CERT, operated by the NTT Information Sharing Platform Laboratories, is an organization that works with security managers and systems administrators to handle security threats and provide technological support within the NTT Group.

In fiscal 2008, we adopted a diagnostic security risk management system that we had been developing since fiscal 2006. We have also been engaged in planning and implementing security training programs for employees, and enhancing cooperation between telecommunications equipment security engineers within the NTT Group.

This point is about one fifth of the way down the page.

Page Top

ISMS and PrivacyMark certifications

As a framework for managing information, protecting secrecy, and preventing information leaks, NTT Group companies are working to achieve Information Security Management System (ISMS) certification. We are also working to achieve PrivacyMark (P-Mark) certification, which recognizes the provision of a system for proper handling of personal information.

Further, NTT DATA has achieved a first for domestic system integrators by publishing an Information Security Report 2008, which reports the details of its activities for promotion of information security.

This is the cover of the Information Security Report 2008 produced by NTT DATA to introduce its security measures.Information Security Report

This point is about two fifths of the way down the page.

Page Top

Initiatives for protecting customers' personal information

The NTT Group has established an NTT Group Information Security Policy that states its position on information security, and is doing its utmost on a groupwide basis to protect the personal information of its customers and prevent leaks. Each Group company is also undertaking its own activities to ensure thorough protection of personal information.

Group company Examples of major activities
NTT East
  • Installation of a system restricting output to external storage media for office terminals (approximately 75,000 terminals as of March 31, 2008)
  • Utilization of a dedicated tool verifying that no work-related information exists on current or past employees' home PCs while also ensuring that file-swapping software such as Winny is not being used
NTT West
  • Limitation of business terminals used for output to external storage media
  • E-mail delivery system configuration (e-mail can be sent to an external recipient only if a copy is also sent to a superior's address.)
NTT Communications
  • Reviewing of regulations and systems, training of all staff, submission of written pledge/measurement of performance, and implementation of periodic checkups and monitoring
  • Requiring of approval to download customer information and implementation of information lifecycle management, including in outsourcees
  • Use of tools to control authorization for handling customer information, such as writing information to external storage media on an individual basis, and implementation of periodic revisions
NTT DATA
  • Installation of a solution (Total Security Fort) on all PCs used in operations (approximately 30,000 terminals) as a measure against information leaks by restricting writing to external storage media such as USB memory (2005), use of thin clients for PCs used away from company premises, introduction of e-mail filtering (2007), etc.
NTT DOCOMO
  • Implementation of system enhancements to restrict the print-screen function and the displaying of the customer's address on customer information management system terminals
NTT FACILITIES
  • Implementation of mass inspection of home PCs of all employees including group directors as well as submission of written confirmation, while also requesting submission of the same written confirmation from affiliates and outsourcees
NTT COMWARE
  • Implementation of checkups for information leak prevention, such as by having full-time employees, temporary staff, and affiliated organizations, etc. submit a written pledge to comply with regulations (from November to December 2006, from July to September 2007)
NTT Urban Development
  • Servicing and operation of related regulations such as revision of the Information Security Management Regulations and establishment of the Rules on the Management of Customers' Personal Information

This point is about three fifths of the way down the page.

Page Top

Enhancing measures to stop information leaks and prevent reoccurrence

In fiscal 2008, several information leak incidents occurred, such as the external leakage of business-related files removed from company premises without authorization by a former employee (NTT East), and the use, perusal, and external leakage of customers' personal information by a retail agency staff member (NTT DOCOMO). Group companies take such incidents very seriously and have strengthened measures to prevent a reoccurrence, such as by redoubling their efforts to train employees in the proper handling of information, and introducing software to prevent the leak of confidential information.

This point is about four fifths of the way down the page.

Page Top

Provision of confidential document recycling service

A lockable security box called an "SS-BOX" is installed in customers' offices, and after confidential materials are discarded, the locked box is taken to a processing plant where the contents are completely destroyed (dissolved). A "confidential document destruction (dissolution) certificate" is issued after processing.

This is a sample of the confidential document recycling service certificate issued to certify complete destruction of collected documents through dissolution.Confidential document destruction (dissolution) certificate

Enlarge

Page Top

This is the end of the text.Return to the CSR main menu.

page top