Updated on August 23, 2017

Information Security and Privacy

Like many companies, Sony faces increasingly advanced threat environment, which presents challenges in the areas of information security and privacy. Third parties seeking to compromise the information of global companies continue to grow in number, capability, and persistence. To address this reality and ensure that we continue to earn our customers' trust, Sony maintains a robust information security and privacy program. Our approach to information security and privacy is grounded in a company-wide governance structure that enables the effective management of potential risks, incorporates security and privacy controls into our systems and products to safeguard information, and deploys monitoring and response capabilities to swiftly address the situation in the event of an attack.

Information Security and Privacy Governance

Sony has established a global information security and privacy organization headed by a chief information security officer (CISO). The CISO's organization is charged with developing and overseeing the implementation of information security and privacy policies and standards globally as well as monitoring compliance with these policies and standards. This organization coordinates with individuals responsible for information security and privacy at Sony Group companies globally to create a Group-wide information security and personal information management system. The information security and privacy officers at Sony Group companies ensure effective implementation of policies and standards. Strong executive support for, and governance of, information security and privacy are essential. Accordingly, it is the responsibility of the executives at each Sony Group company to take an active role in managing risks within their organizations and to instill a culture of awareness in all employees. Under the CISO's direction, Sony will continue to strengthen company policies and standards to further improve information security and data protection.

Sony's information security and privacy management is governed by a set of global policies and standards, which are based on internationally accepted industry best practices. These policies set forth Sony's commitment to information security and privacy and define practices and procedures to be followed by Sony executives and employees. Sony routinely reviews and revises these policies and standards to address changes in the risk landscape, threats, and the regulatory environment. For example, in 2016, we updated our internal Global Information Security Policy and Global Privacy Management Policy to further enhance our security and privacy governance practices and to further embed data protection into our operations.

Employee Training as a Key Component of Information Security and Privacy

Every employee has a critical role to play in protecting Sony's most sensitive information. To increase the education and awareness of our workforce, Sony requires all personnel to receive annual information security and privacy training, which teaches employees how to report incidents and what type of behavior to avoid in order to reduce risk. Sony employees also regularly receive phishing awareness training, which tests employees' knowledge of how to spot and avoid cyber attacks delivered through fraudulent emails.

Monitoring and Response Measures

Sony has established a 24x7 global security operations center equipped with advanced technical capabilities for the purpose of preventing and managing cyber security incidents. Our incident response team defends Sony's networks through threat intelligence and analysis, monitoring and detection of malicious activity, rapid response and containment, and sophisticated forensics capabilities.
Sony is committed to safeguarding the trust of our customers, employees, and business partners. We continuously look for ways to improve our practices, implement stronger controls, and provide more robust security to protect privacy and the information entrusted to our care.

Page Top