Information Security Policy

Deloitte Tohmatsu Group is a largest professional services groups in Japan, consisting of Deloitte Tohmatsu LLC, which is responsible for the Group's governance and management functions, five businesses (Audit & Assurance, Risk Advisory, Consulting, Financial Advisory, Tax & Legal), and corporate functions. 

Our three management principles are "Fairness to society," "Innovation for clients," and "Talent of people," and we aim to provide value to society, clients, and talent.Deloitte Tohmatsu Group recognizes that protecting confidential information and other information assets provided in the course of business from threats such as loss, falsification, leakage, and unauthorized use is essential for the continuous and stable growth of its business activities. Accordingly, Deloitte Tohmatsu Group has positioned information security as one of the most important management priorities. In addition to applying cutting-edge technologies based on the standards of Deloitte, the global network, to the information system environment, each Deloitte Tohmatsu Group entity *(Including Deloitte Tohmatsu LLC, Deloitte Touche Tohmatsu LLC, Deloitte Tohmatsu Consulting LLC, Deloitte Tohmatsu Financial Advisory LLC, Deloitte Tohmatsu Tax Co., and DT Legal Japan) has established the following policies on information security, which are thoroughly disseminated to all persons handling information. By so doing, we will achieve our management philosophy while maintaining and improving the trust of each stakeholder. 

*Please refer to Here for the individual corporations of the Deloitte Tomatsu Group.

1. Organizational Structure
Our group's Reputation Risk Leader (RRL) is responsible for overseeing information management across the Group, under which the Group-wide information management structure is established and operated while individual departments are accountable for understanding, maintaining, and managing their own information security. 

2. Managing Information Assets 
Each entity in the Deloitte Tohmatsu Group implements measures to adequately protect information assets we own and manage in our business activities against threats to the confidentiality, integrity and availability of information.

3. Compliance with Laws and Regulations 
Each entity in the Deloitte Tohmatsu Group complies with the laws, regulations and contracts related to information handling. 

4. Education and Training 
Each entity in the Deloitte Tohmatsu Group makes its partners and staffs aware of importance of information security, including protecting personal information, raises awareness to handle information appropriately, and continuously provides education concerning information security. We also conduct phishing email drills on a regular basis to make its partners and staffs to pay attention to cyber attacks. 

5. Information Security Incident Response Structures and Measures 
Each entity in the Deloitte Tohmatsu Group makes its effort to prevent information security incident (including information leakage, theft, loss, and alteration resulting from cyber attacks or system failures.). If any incident happens, we should promptly respond in accordance with the common procedures set by Deloitte Tohmatsu Group, minimize the damage and take actions to prevent a reccurence. 

6. Information Security Audit
Our group's internal audit and certification systems are utilized by each entity in Deloitte Tomatsu Group to confirm compliance with information security policies among its partners and staffs, and to periodically audit our group's information security management system and information security initiatives to ensure that they are properly maintained and operated. 

7. Continuous Improvement
Each entity in the Deloitte Tohmatsu Group regularly reviews and continuously improves its information security management system and information security efforts to address security risks relating to the changes of business environment and information technology as well as to meet with the legal and regulatory changes and new guidances issued by the government. 

Kenichi Kimura
Deloitte Tohmatsu Group CEO

* Deloitte Tohmatsu Group has been certified for ISO / IEC 27001, an information security management standard, since May 2017.