To ensure security for products, systems, and services, Toshiba Group works, in collaboration with its quality assurance divisions and procurement divisions, to ensure security for product development processes and other companies’ products used in its products under its product security management system.
We have devised plans to enhance its product security preparedness according to risk-based priorities, defining four focus areas for product security: maintenance and management of the PSIRT* framework, handling of vulnerability information, response to product security incidents, and secure development management. We are making a Group-wide effort to prepare product security checklists that summarize the security requirements to be checked at each product development stage as well as guidelines and standard recommended tools corresponding to each of the checklists.
We also ask our suppliers to understand Toshiba Group's approach to product security and cooperate with us in providing secure products, systems, and services by distributing guidelines. We have also established new guidelines to objectively determine the security risks of Toshiba Group's wide-ranging and diverse products, and are working on initiatives for enhancing product security through risk-based approaches in the supply chain that includes in-house product development and suppliers.
In terms of human resource development, for better understanding of product security and implementation thereof, we provide all Toshiba Group officers and employees with annual e-learning sessions on product security. We have also defined human resource types and responsibility levels in accordance with the work type and implemented specialist training based thereon. Furthermore, we have established and operate an in-house certification program for security personnel. Through these activities, we are developing human resources with product security expertise across all positions and divisions in order that these employees can improve security quality during product development, and identify and respond to vulnerabilities and incidents in a timely and appropriate manner during their daily work activities.
We also ask our suppliers to understand Toshiba Group’s approach to product security and cooperate with us in providing secure products, systems, and services by preparing guidelines.
Please refer to the Cyber Security Report for details on our product security efforts.
- Product Security Incident Response Team