|
|
| As a Global IP Solution Company, NTT Communications (NTT Com) places top priority on the implementation of security management systems to ensure that the services it provides are protected. In April 2002, the company established the Security Management Office (SMO) to beef up information security at an organizational level and to improve the company's ability to respond quickly to any threats of breach. In September of that same year, NTT Com President Masanobu Suzuki issued the NTT Communications Security Declaration to direct IT security on a corporate-wide level. In the declaration, NTT Com pledges to: • Place top priority on providing customers with secure services. • Work closely with customers as an IT partner to ensure that the vital information entrusted in NTT Com is not breached. • Cooperate with business partners and sub contractors that support NTT Com to guarantee security. In its proactive stance toward information security, the company has provided staff with a wallet-sized card embossed with the declaration. Declaration Helps Define New Corporate-wide Information Security Policy To meet the ambitious goals spelled out in the declaration, the SMO formulated a new security policy, which was released in April 2003 to replace the previous outdated policy. "The former security policy was sufficient when NTT was strictly a telephone services company," explains SMO Director Kouichi Arimura. "However, with the evolution of the ubiquitous IT era, our business grew more global in scope. We quickly realized the necessity for a more dynamic policy that better meets client needs, in light of the developing technical trends and accompanying security-related issues." The new policy is designed to help achieve global security standards and provide guidance in development of products and services. "The most important aspect," according to Arimura, "was gaining approval from top management so that the policy could be implemented from a top-down approach. That is, it would first be introduced to executives at the organizational level and then to employees at the desk level. This would be followed by introduction of the necessary tools to support them. For this reason, beginning with the declaration, the policy took on a pyramid shape." Arimura continues, "It cannot be emphasized enough the vast amount of corporate resources and relentless effort on the part of staff that went into affecting reform." With the security declaration at the top, the next layer in the policy comprises fundamental principles, which define the rules for corporate-wide security management and include objectives, goals and responsibilities of NTT Com staff. The following layer focuses on standards for each specific security domain, covering staff, partners, facilities and operations. Finally, the base of the pyramid includes the procedures and tools for implementing the policy, such as manuals, instructions, work sheets and model contracts. So far, implementation has been smooth, as tools and procedures are continually being created. The next step includes possibly implementing the new policy on a global scale. |
