Sony has established a global information security and privacy organization headed by a chief information security officer (CISO). The CISO's organization is charged with developing and overseeing the implementation of information security and privacy policies and standards globally as well as monitoring compliance with these policies and standards. This organization coordinates with individuals responsible for information security and privacy at Sony Group companies globally to create a Group-wide information security and personal information management system. The information security and privacy officers at Sony Group companies ensure effective implementation of policies and standards. Strong executive support for, and governance of, information security and privacy are essential. Accordingly, it is the responsibility of the executives at each Sony Group company to take an active role in managing risks within their organizations and to instill a culture of awareness in all employees. Under the CISO's direction, Sony will continue to strengthen company policies and standards to further improve information security and data protection.
Sony's information security and privacy management is governed by a set of global policies and standards, which are based on internationally accepted industry best practices. These policies set forth Sony's commitment to information security and privacy and define practices and procedures to be followed by Sony executives and employees. Sony routinely reviews and revises these policies and standards to address changes in the risk landscape, threats, and the regulatory environment. For example, in 2016, we updated our internal Global Information Security Policy and Global Privacy Management Policy to further enhance our security and privacy governance practices and to further embed data protection into our operations.