NTT Communications was one of the first companies to start work on a management framework for customer and other information.
We realized that we could apply our own stringent security measures to improve security for our customers. In September 2002, we moved to protect our customers’ privacy with the announcement of the NTT Communications Security Declaration and Information Protection Policy.

NTT Communications takes every precaution to protect our customers’ information, and especially their personal information. In addition to implementing conventional security measures, we have been awarded the Privacy Mark and we strictly comply with the guidelines of the General Affairs Ministry. In principle, divulging of personal information outside the Company is prohibited, and we have strengthened our rules regarding the company-internal handling of information. We also maintain stringent controls on the outsourcing of customer-information handling. When handling of personal information is outsourced to other companies, we require such contractors to handle that information according to the same strict security standards that NTT Communications applies, and we conduct regular audits of those operations.

Risk is especially high in the management of electronic customer data. For such data, NTT Communications restricts access rights to the minimum and carefully controls their use, granting permission to use the data only upon careful examination by the security management office. We also turn our expertise in these examination processes to create “information life-cycle management systems,” eliminating the risk of leaks that arise from failure to destroy all traces of the information left behind on circuits by copying processes. Another measure we take to reduce the risk of leakage of customer information is to introduce “thin client” terminals* to handle this information.

Under the direction of a Chief Security Officer (CSO), a number of deliberative bodies are established. The Security Management Office serves as an executive office for security matters, developing policy and management plans and deciding how to respond when incidents arise. In addition, key professional staff members in legal affairs, advertising, general affairs, personnel, and management planning can be assembled at short notice to respond to particular concerns.

Moreover, persons responsible for promoting security in each division deploy specialist instructors who provide centralized training in the application of BS7799, the global standard in security management. We are also working proactively to acquire certification for their information security management systems (ISMS). Of NTT Communications’ nine divisions, five are certified and the remaining four are expected to gain certification shortly.

NTT Communications holds the view that people must be at the center of any comprehensive measures to improve security. For that reason we are hard at work developing tools that improve safety for our personnel and ease the burdens placed on them. Capitalizing on the expertise it has gained in implementing these internal security measures, NTT Communications is now rolling out a full palette of services, including consulting, education and training, and services to prevent information leaks.

Based on the expertise we acquired in developing in-house security solutions, the services we offer have won appraisal from a wide range of customers. One example of our creative approach is an IC-card-based employee identification solution, which uses a single smart card to manage building access and permissions for access to internal data systems.

The IC-Card-Based Employee Identification Solution
Using a single IC card for each employee, this system centrally manages both physical access and systems access. In addition, staff security levels are indicated by color-coded IC card straps, and each floor is differentiated by the colors of each security area. This system offers the double benefit of easy understanding of the rules and tools involved as well as obtaining the participation of all employees in managing security. In addition to enabling individual screening by security personnel at building security gates, the system also ensures that only persons with the proper security levels can enter each zone. When using PCs, employees must give their ID and password and identify themselves using their cards as well, or they are refused access. One benefit of this system is that, if a PC is stolen or lost, a password is set for the hard disk, providing security and preventing data theft and leakage.

NTT Communications constantly stresses the importance of a strong security focus on all its employees. But this process is not one-way: The Company's Security Kaizen (continuous improvement) activities ensure that ideas implemented on the shop floor to improve quality are soon broadly deployed and make an impact on the bottom line.

In these activities, NTT Communications applies the widely used TQC/TQM (total quality control/total quality management) approach to security issues. Security improvement themes are arranged, and for each problem employees repeat the question “Why is this so?” for five times to get to the heart of each problem and improve operations on their own initiative. The employees then proceed to work with other organizations and contractors to attain overall optimization and improve customer satisfaction.

At NTT Communications, we believe that “security” means delivering safety and peace of mind to our customers. Through constant improvements in quality, we are building the value of the NTT Communications brand as a leader in security. The entire Company is pulling together to achieve the most ambitious goals in quality of security.