Corporate Governance Structure and Initiatives | Information security initiatives

Shareholders and investors have made the effective functioning of internal control into a key issue amidst an epidemic of corporate misconduct in Japan and overseas. In this section, Capcom will explain the corporate governance structure and systems that it has initiated so far based on the key concepts of “effectiveness and visibility” in terms of the results of third party assessment.
(Assessment areas are highlighted in yellow.)

As our main business is planning and developing software and we operate in an environment in which the latest information technology is always used, we believe that our information security risks are greater than companies in general. For that reason, we have implemented perimeter^*1 security measures for some time; further, we had begun working on introducing defensive measures like SOC^*2 services and EDR^*3, however in 2020 a third party was able to gain unauthorized access to our systems. Because of this incident, we have implemented various security reinforcement measures to prevent recurrence in addition to our perimeter security measures. These include the establishment of the Information Technology Security Oversight Committee, which includes several external experts, and the introduction of SOC services for around-the-clock monitoring of external connections and EDR for early detection of unusual activity taking place on devices.

*1 Security measures that include placing a firewall at the perimeter between external networks and internal networks.

*2 Acronym for Security Operation Center. A SOC service is a system that monitors systems and networks around-the-clock, and supports the detection, analysis and handling of attacks.

*3 Acronym for Endpoint Detection and Response. A system that introduces software to detect unusual activity on devices such as the PCs and servers utilized by end-users and supports quick responses to issues.

Main Measures