Information Security

图像

Governance

Governance | Risk Management | Ethics and Compliance | Information Security | Executive Compensation | Tax Policy

Information Security Management

As a global company, Renesas takes cybersecurity seriously and strives to identify vulnerabilities and respond immediately to any potential threats. To ensure business continuity, we constantly work to prevent cyberattacks through corporate governance policies and processes, including monitoring and reporting potential threats, employee training, and staying current with the latest cybersecurity standards and certifications. In 2024, we enhanced our information security core competencies via the following key initiatives:

1. Enhanced supply chain security to ensure better protection against potential vulnerabilities and enhance operational resilience.
2. Strengthened engagement with key stakeholders, including our industry peers, suppliers, governments, and customers, lending a robust security posture and improved intelligence
3. Stayed informed about industry cybersecurity challenges and solutions through active participation in the Semiconductor Manufacturer Cybersecurity Consortium（SMCC）Governance and Testing

We have established a comprehensive security management framework designed to continuously monitor, assess, report, and address any unauthorized attempts to access our networks, data, or computer systems. This structured approach ensures that we can promptly identify and respond to potential security threats, thereby safeguarding our digital assets and maintaining the integrity of our operations.

Renesas aligns with ISO 27001 standards and conducts regular maturity benchmarking against a peer group of comparable manufacturers to ensure continuous improvement in information security practices. We have a formal structure in place to monitor, evaluate, and respond to unauthorized attempts to access our networks, data, or systems. Our expert IT security team monitors potential threats around the clock, employing both tactical and strategic measures to proactively detect and resolve security issues, all under the guidance of the Vice President of IT.

In the event of an incident, the IT team promptly reports to the Security Council (CEO, CFO, General Counsel, and heads of HR and IT) and activates emergency response plans, collaborating with HR, Legal, Quality Assurance, Procurement, and Accounting as necessary. Quarterly reports are provided to the Security Council, executive management, and the Board of Directors to keep them informed of cybersecurity risks and initiatives.

We conduct regular incident response exercises to ensure swift and effective action, reinforced by recent security policy updates that strengthen threat response, enhance coordination, and align with industry-leading standards. In addition, we also conduct annual penetration tests to identify internal vulnerabilities and provide actionable insights to mitigate risk.

Training at Renesas

At Renesas, we prioritize cybersecurity awareness by providing mandatory annual training on phishing and security protocols to all global employees and contractors. Our program includes periodic mock phishing exercises and access to additional on-demand training materials via the IT Intranet page.

In 2024, we conducted regularly scheduled employee cybersecurity training sessions and completed our annual cycle of security training, with 83% of employees successfully completing the training. This is a continual process that not only focuses on phishing, but also ensures our colleagues are up to date with the latest knowledge on cybersecurity threats. Furthermore, every new employee undertakes detailed security and compliance training with annual refresher training.

Our cybersecurity team works closely with our colleagues in Compliance, Legal, and HR to ensure we have the necessary tools and processes to address modern security threats. We firmly believe that robust information security acts as a business enabler, fostering growth by establishing us as a trusted supplier, customer, and partner.

Certifications

Renesas is dedicated to adhering to global security standards, showcasing our commitment and ability to protect against security breaches. In 2024, we aimed to broaden our certifications to ensure that both current and future acquisitions align with our global standards, providing a consistent experience for all users. Our current certifications include the following:

1. ISO 27001 (Initiated a global ISO 27001 certification process and successfully completed the first phase, which involved testing the effectiveness of our design controls.)
2. TISAX, an automotive security standard which works alongside IATF 16949 and ISO9001 (Completed in 2023)
3. SOC2 Type 2 certification is in place for the Altium 365 platform involving an evaluation of the effectiveness of security controls over a specified period and ability to operate consistently over time.

AI Governance

As generative AI has become imperative part of our operation at Renesas, we place great importance in AI governance to ensure safe and responsible adoption and use. We formed the AI Tools Task Force which is a cross-functional working group of AI, Security, Compliance and Legal, and released Guidelines for Generative AI Tools to foster secure and compliant environment to use generative AI tools across the organization globally. We also provided online training for employees in 2024 to boost their understanding of use, risks, and limitation of AI Chatbots in the workplace.

Data Privacy

Renesas is dedicated to safeguarding the privacy and security of our team, clients, partners, and stakeholders. Our information security policy outlines the rigorous measures we take, with the objective of ensuring full compliance with data privacy laws and regulations, including GDPR, APPI, CCPA, and BDSG. These changes have been implemented organization-wide to strengthen our security posture and ensure alignment with industry best practices. Additionally, Renesas partners with TrustArc, a third-party vendor specializing in privacy compliance, to conduct an annual comprehensive assessment of its privacy practices. This assessment thoroughly evaluates Renesas’s privacy practices, policies, and procedures, ensuring that any potential gaps are identified and addressed to enhance and strengthen our privacy program.

Our Data Privacy Framework outlines the principles, controls, and governance mechanisms we have implemented to protect personal data throughout its lifecycle. In 2025, we continued to advance our data privacy capabilities through the following key initiatives:

• Enhanced Data Privacy Governance
  We have established a Legal Department Data Privacy Team. We collaborate with internal stakeholders to identify and mitigate data privacy risks.
• Strengthened Privacy Frameworks and Regulatory Compliance
  Renesas is implementing structured frameworks to support compliance with global data protection laws. These frameworks are designed to provide a consistent foundation for privacy operations and promote accountability, transparency, and risk mitigation across the organization.
• Privacy by Design and Default
  Renesas intends to apply Privacy by Design principles to ensure that privacy considerations are embedded from the outset of product development and business initiatives, and by default, only the minimum necessary personal data is collected, retained, and processed, reducing exposure and supporting responsible data use.
• Cross-Functional Engagement and Risk Analysis
  We engage cross functionally to assess privacy risks. Through internal reviews and privacy impact assessments (PIAs), we strengthen organizational awareness and alignment around data protection goals.
• Centralized Privacy Resources
  Renesas has launched a centralized Data Privacy intranet page that provides streamlined access to privacy policies, guidance, training materials, and templates.
• Ongoing Monitoring and Continuous Improvement
  We stay informed about legislative changes to update our president and templates.
• Transparent Communication
  Renesas is committed to transparency. We clearly communicate how we collect, use, and protect personal data, and we uphold the rights of individuals to access and control their information in accordance with applicable laws through our Privacy Policy.

Through these efforts, Renesas ensures the responsible handling of personal data and fosters a culture of privacy that supports innovation, trust, and global compliance.