Information Security

Sustainability

Fundamental Approach

Aim

  • Protect information assets and ensure the safety and security of our customers from the threats and risks of cyber attacks, which target confidential corporate information and information systems, the networks of systems that control plant facilities and vehicles (such as on-board device systems), and even supply chains.

Information Security Efforts

Toyota protects the Toyota Group's information assets from threats such as cyberattacks and unauthorized access. At the same time, Toyota has established a solid information security management framework and actively promotes the strengthening of information security across the Group from multiple perspective.

Initiative

  • Based on the Information Security Policy, Toyota Motor Corporation and its consolidated subsidiaries work together to prevent information leaks.
Information Security Policy

Organizational Structure

Activities in each security domain, as well as common issues across the organization, are shared and discussed at the Information Quality Management Meeting to improve information security group-wide. In addition, if a serious incident occurs, the situation is promptly assessed and reported to management, including the Board of Directors. The root cause is then analyzed, and appropriate countermeasures are implemented.

Organizational Structure

Enhancement Activities Based on the All Toyota Security Guidelines

Toyota has established the All Toyota Security Guidelines (ATSG), which apply to Toyota Motor Corporation, its consolidated subsidiaries, dealerships, and rental and leasing companies, as part of its efforts to prevent internal information leaks and to respond to cyberattacks that are becoming increasingly sophisticated and complex. Through these efforts, Toyota is committed to thoroughly ensuring information security.

Based on ISO 27001/27002, the NIST (National Institute of Standards and Technology) Cybersecurity Framework, and the Cyber-Physical Security Measures Framework issued by Japan's Ministry of Economy, Trade and Industry, ATSG defines the measures to be taken, including organizational, technical, and physical controls, as well as the establishment of response structures in the event of incidents and accidents. Through these measures, ATSG contributes to ensuring information security from multiple perspectives. To respond to changes in the operating environment, ATSG is reviewed on a regular basis.

In addition, Toyota conducts annual assessments under ATSG to review each company's information security initiatives, with the aim of continuously maintaining and improving information security.

Since fiscal year 2018, a specialized team at Toyota Motor Corporation has conducted on-site audits and interviews at consolidated subsidiaries, dealerships (in Japan), and rental and leasing companies (in Japan), using the findings to drive improvement activities.

Process of ATSG inspections, audits, and interviews

Related Information

  • Sustainability Data Book
    Sustainability Data Book
    This data book summarizes Toyota's sustainability policy, initiatives, and activities of previous year.