Information Security Principle

Last revised: 1 January 2021

Each entity in the Deloitte Tohmatsu Group has been arranged efforts for its information security management system as one of the critical items of its business activities, and is aware of necessity and materiality of confidential information and personal information protection. Each entity in the Deloitte Tohmatsu Group shall carry out protection of confidential information and personal information by establishing the principle related to information security, by familiarizing all employees with the principle as well as by complying with the principle.

Deloitte Tohmatsu Group is a collective term that refers to Deloitte Tohmatsu LLC, which is the Member of Deloitte Asia Pacific Limited and of the Deloitte Network in Japan, and firms affiliated with Deloitte Tohmatsu LLC that include Deloitte Touche Tohmatsu LLC, Deloitte Tohmatsu Consulting LLC, Deloitte Tohmatsu Financial Advisory LLC, Deloitte Tohmatsu Tax Co., DT Legal Japan, and Deloitte Tohmatsu Corporate Solutions LLC. Please click here for the list of entities comprising Deloitte Tohmatsu Group.

1. Each entity in the Deloitte Tohmatsu Group shall establish and protect information security management system, which is intended to cover all its information assets held and controlled, which include confidential information and personal information in its business activities

2. Each entity in the Deloitte Tohmatsu Group shall take controls to adequately protect information assets that the entity holds and controls from the threats against confidentiality, integrity and availability.

3. Each entity in the Deloitte Tohmatsu Group shall comply with the laws and regulations related to information handling, and adequately collect confidential information and personal information.

4. Each entity in the Deloitte Tohmatsu Group shall make awareness of importance of information security, increase awareness for adequate information assets handling, and continuously implement information security-related trainings for its partners and staffs.

5. Each entity in the Deloitte Tohmatsu Group shall establish the business continuity plan to minimize interruption of business activities, and take corrective action to protect business activities from a significant impact from an information security related-incident or a disaster. Moreover, corrective action shall be reviewed regularly.

6. Each entity in the Deloitte Tohmatsu Group shall make its effort to prevent information security incident. If any incident occurred, we shall rapidly establish the crisis management system, minimize the damage and take preventive actions.

7. Each entity in the Deloitte Tohmatsu Group shall regularly review and continuously improve its information security management system and its information security efforts to correspond changes in the information security environment.

Takashi Nagata
Deloitte Tohmatsu Group CEO

* Deloitte Tohmatsu Group has been certified for ISO / IEC 27001, an information security management standard, since May 2017.