Information Security Policy

Last revised: 1 July 2024

Deloitte Tohmatsu Group* is composed of Deloitte Tohmatsu LLC, which is responsible for the Group's Governance and Management functions, business units of Audit & Assurance, Consultative (Strategy, Risk & Transactions / Technology & Transformation), Tax & Legal, as well as Corporate functions.

Deloitte Tohmatsu Group recognizes that protecting confidential information and other information assets provided in the course of business from threats such as loss, falsification, leakage, and unauthorized use is essential for the continuous and stable growth of its business activities. Accordingly, Deloitte Tohmatsu Group has positioned information security as one of the most important management priorities. In addition to applying cutting-edge technologies based on the standards of Deloitte to the information system environment, each Deloitte Tohmatsu Group entity** has established the following policies on information security, which are thoroughly disseminated to all persons handling information. By so doing, we will achieve our management philosophy while maintaining and improving the trust of each stakeholder.

*Please refer to Here for Deloitte.

**Please refer to Here for a list of Group companies.


1. Organizational Structure Ensuring Information Security
Our group's Reputation Risk Leader (RRL) is responsible for overseeing information management across the Group, under which the Group-wide information management structure is established and operated while individual departments are accountable for understanding, maintaining, and managing their own information security.

2. Managing Information Assets
Each entity in the Deloitte Tohmatsu Group implements measures to adequately protect information assets we own and manage in our business activities against threats to the confidentiality, integrity and availability of information.

3. Compliance with Laws and Regulations
Each entity in the Deloitte Tohmatsu Group complies with the laws, regulations and contracts related to information handling.

4. Education and training
Each entity in the Deloitte Tohmatsu Group makes its partners and staffs aware of importance of information security, including protecting personal information, raises awareness to handle information appropriately, and continuously provides education concerning information security. We also conduct phishing email drills on a regular basis to make its partners and staffs to pay attention to cyber attacks.

5. Information security incident response structures and measures
Each entity in the Deloitte Tohmatsu Group makes its effort to prevent information security incident (including information leakage, theft, loss, and alteration resulting from cyber attacks or system failures.). If any incident happens, we should promptly respond in accordance with the common procedures set by Deloitte Tohmatsu Group, minimize the damage and take actions to prevent a reccurence.

6. Information security audit
Our group's internal audit and certification systems are utilized by each entity in Deloitte Tomatsu Group to confirm compliance with information security policies among its partners and staffs, and to periodically audit our group's information security management system and information security initiatives to ensure that they are properly maintained and operated.

7. Continuous improvement
Each entity in the Deloitte Tohmatsu Group regularly reviews and continuously improves its information security management system and information security efforts to address security risks relating to the changes of business environment and information technology as well as to meet with the legal and regulatory changes and new guidances issued by the government.


Kenichi Kimura
Deloitte Tohmatsu Group CEO

* Deloitte Tohmatsu Group has been certified for ISO / IEC 27001, an information security management standard, since May 2017.