Etsuhiko Shoyama President and Chief Executive Officer, Hitachi, Ltd. Director, Japan Management Association

During the Warring States period, some 400 years ago, each feudal lord had his
own distinctive banner. Shingen Takeda's furinkazan and the bi of Kenshin Uesugi,
who held power around my hometown, are still famous today. These banners raised
morale during battle, helped to distinguish friend from foe, and provided rallying
points as tens of thousands clashed in confusion on the field. Though banner
designs varied from stylized kanji characters to flashy colors combinations, it
can be said that each represented the enthusiasm and aspirations of the lord and
samurai that rallied round.

　 Today it has become common in Japan, as it is in the rest of the world, for
companies to be evaluated on a consolidated basis. The changing outlook
of shareholders and investors being one factor, there is now constant pressure for consolidation in releasing accounting information to the general public. This
shift has also infiltrated to the decision process applied to everyday corporate
management, and has made it essential that managers focus on improving the
management efficiency of the group as a whole. Corporate buyouts and mergers are another change that has become commonplace in Japan, and throughout the
business community, yesterday's enemies are becoming today's friends.
　 To quickly adapt to this changing business environment, front-line workers are required to share a single viewpoint.
Clarity of vision and identity is thus essential, and all of a firm's employees
must hold unified answers to questions such as "Who are we?" and "What are we trying to achieve?"
　 Japanese companies have traditionally been relatively change-free and unburdened by job-hopping. Companies
had been allowed considerably long period of time to share their identity and vision with their employees tacitly. In today's environment where change strikes quickly on every front, however, tacit knowledge must give way to explicit knowledge, which must then be swiftly internalized to all employees. In other words, we must have a banner that clearly differentiates our company from competition. Today, we call that banner as our brand.
　 A strong brand increases a company's unifying force and becomes an aspiration that guides employees. This in turn leads to customer satisfaction and appeals to shareholders and investors. Building a corporate brand that stakeholders resonate with is an important challenge that every company faces today.
　 The Hitachi Group began a major ongoing brand management effort in April 2000. Hitachi is reputed to possess several characteristics. First, it covers an immense range of businesses that stretch from raw materials to home electrical appliances, and social infrastructure to financial services. Second is its sheer scale. The group comprises more than 1,000 companies and holds over 340,000 employees. In addition, our business is rapidly changing as group companies are bought and sold, and affiliation with other companies spreading at home and abroad.
To suffuse this massive group organization with the Hitachi brand, we have established Corporate Brand Management Office that is tasked with clarifying exactly what our brand stands for, providing in-house education, and explaining its activities to the outside entities.
　 The Hitachi Group has historically allowed its companies to operate and grow with great autonomy, and this philosophy has been the driving force behind the group's growth. Now, however, without losing this trait of independent management, we are focusing on brand management to increase the centripetal force of the group as a whole and thus improve our consolidated management efficiency.
　 One key I have taken to heart is that the secret to successful brand management lies with the efforts of top leadership. Thus, I intend to continue to stand fast and wave our banner high, taking a clear stand for all
to see.

One of the most frequent questions now is,"Which should we focus, Privacy Mark or ISMS certification?" There is great interest toward both Privacy Mark (P Mark) and ISMS certification as companies battle information leaks and seek to comply with the Personal Information Protection Act. Both certifications call for management system that integrates information security measures, and both require companies to undergo evaluations that certify they meet set standards.
　 The ISMS compliance evaluation system was officially launched in April 2002. Its purpose is to ensure that a
company's management system offers information security measures capable to maintain information confidentiality, completeness, and usability. Japan Information Processing Development Corporation (JIPDEC) is the supervisory certifying organization, and its ISMS certification criteria are the standard by which compliance is evaluated.
　 Approximately 560 companies and organizations have been certified to date, and there are now 14 assessment and registration organizations in place including JMAQA. Initially, certified companies were predominantly IT-related enterprises, but the enactment of the Personal Information Protection Act in 2003 has generated interest by other industries that deal with personal information. These include medical institutions such as hospitals, and other field like accounting firms, temp agencies, printing companies, OA equipment leasing companies, and businesses such as office waste disposal agencies that are entrusted with processing and disposing of customer information. Public service organizations are also beginning to obtain certification.

The P Mark system was inaugurated in 1998, and here again the JIPDEC is the lead supervisory organization. About 1,000 companies have been certified to date, and there exist four organizations that are authorized to assess and register applications. The Japan Information Technology Services Industry Association is among them.
　 The system adopts JIS Q 15001:1999 (Requirements for Compliance Program [CP] on Personal Information Protection) as its base criteria for compliance evaluations. The P Mark is granted on the basis of soundness of an organization's CP implementation and operation, whether they are up to standard. Initially, certifications centered primarily on information processing companies affiliated with the certifying organizations. More recently, however, certifications are increasingly sought by temp agencies and printing companies, much the same as ISMS.
　 Two international movements sparked the creation of the P Mark system. The first was the publication of Guidelines on the Protection of Privacy and Transborder Flows of Personal Data by the Organization for Economic Cooperation and Development (OECD) in 1980 (Chart1).

This guideline, also called the OECD's Eight Principles, has become the international standard that affects personal information protection policies in most countries. The second was the 1995 EU Data Protection Directive, which integrates the OECD's Eight Principles. This directive stipulated that EU member nations must establish applicable laws and ordinances within three years. In addition, the EU member nations are not allowed to
export personal information to third countries unless they adopt equivalent personal information protection measures. These catalysts paint the backdrop toJapan's own adoption of the Personal Information Protection Act.

To the first question, as to which certification should we pursue, I'll ask them back, "What's the purpose of the
certification? Who are our customers?" and "What type of information do we deal with?" To just say P Mark certification is desired for compliance with the Personal Information Protection Act or to prevent personal information leaks is too simplistic.
This is because, whether the company is the root owner of the personal data or is being entrusted by clients makes substantial differences in how information must be dealt and what sort of management system is required.
　 It must also be recognized that the target of the P Mark is mainly the consumer, so it is a symbol that reassures personal information is justly protected. On the other hand, ISMS certification carries weight on both consumer and business partners, thus reflecting a potentially larger audience. Therefore, management systems
that focus on ISMS are more likely to be scalable and best reflect considerations of the overall purpose, client base, and types of information being managed.
　 How then can an information security management system be made highly flexible and effective? There are three key points:
1) First, any information security measure should be built on the premise that "accidents will happen." Incidents and accidents are matters to be reckoned with risk management.
2) Second is awareness toward information security. In 1992, the OECD issued nine principles in its Guidelines for the Security of Information Systems - separate from the eight principles of privacy protection - and a revised, more detailed version in 2002(Chart 2).
"Awareness" is the very first principle there. This recognizes IT's integration into the social infrastructure and points out a need to be aware of the possible risks that accompany convenience and to place greater emphasis on information security.
3) The third key is leadership of the top. Information security measures can spell death for a company if they are not set up correctly. It is therefore a management challenge that must be addressed by the company as a whole. Strong leadership from top executives and the allocation of sufficient management resources are both vitally important.
When ISMSs are constructed, the focus tends to be directed towards technical measures. However, it must not be forgotten that ISMSs are actually tightly focused on people.

Japan Management Association (JMA, Chairman: Yoshio Tomisaka) convened the first meeting of the CSR Board of Japan on September 27, 2004 at the Tokyo Prince Hotel in Shibakoen, Tokyo.
　 The CSR Board of Japan was established to consider, on a practical level, an ideal form of CSR Management that can incorporate the unique merits of Japanese companies and to offer proposals that challenge all industry to improvetheir CSR, through developing best-practice case studies, etc.
　 The board consists of executives and other representatives from more than 30 diverse companies. It is chaired by Kanji Tanimoto, professor of Hitotsubashi University's Graduate School of Commerce and Management. The vicechairman is Minoru Inaoka, managing director of Ito-Yokado Co., Ltd. The board is tasked with: 1) propagating CSR Management; 2) conducting and regularly presenting case studies of best practices in CSR Management; 3) developing programs to train and fortify CSR　Management personnel; and 4) disseminating global information on CSR.
　 A CSR Management Forum will also be organized as a substructure for more specific reviews and discussion. The fruits of this forum and board are to be distributed publicly throughout the industrial community.
The inaugural meeting of the board opened with keynote speech by Chairman Tanimoto on the CSR challenges that are facing Japan. During his speech, he reviewed the increasing need for crosssectional discussion at a national level, and the neccesity of common rules in market competition framework. In short, both frameworks of regulations and supportive policy are needed now. He emphasized that the board is to focus on identifying what form CSR management should take in Japan and to offer macro-level proposals for administrative policy, in addition to providing industry with a free flow of information, in a manner similar to the EU's CSR Europe group.
　 Following the opening speech, each board member presented their company's current CSR efforts and discussed issues they are facing. Many members stated that a fogginess remains about how to best promote CSR and expressed an expectation that the board will: 1) create CSR standards and 2) conduct concrete research on how CSR management can be directly connected to corporate profits.
　 In closing, Vice-Chairman Inaoka commented that the heated discussions of the day helped identify some of the fundamental challenges facing corporate management. These included sketching out an Japanese CSR to philosophy; how CSR can relate to profits; how to leverage primary business in combination with CSR; how individual companies stand with CSR efforts; and the need for transparency and corporate responsibility.
He then concluded with the hope that the board will continue to discuss the issues raised and actively engage in CSR-related activities that will benefit all companies.

Japan Management Association（JMA）
Activities:
Survey, research and advisory services／Management education／Technical conferences and conventions／Management system audit／Others
3-1-22 Shiba Koen, Minato-ku, Tokyo 1058522
Tel. +81-3-3434-1601 Fax. +81-3-3434-1087
URL. http://www.jma.or.jp/indexeng.html

Japan Institute of Plant Maintenance （JIPM）
Activities:
Surveys, researches, consulting, training and publishing relating to TPM（Total Productive Maintenance）and plant maintenance
3-1-38 Shiba Koen, Minato-ku, Tokyo 1050011
Tel. +81-3-3433-0351 Fax. +81-3-3433-8665
URL. http://www.jipm.or.jp/

Japan Institute of Information Technology（JIIT）
Activities:
IT Excellent User Award, Promotion of IT management strategy, Contact Center activity promotion, Research activities
JMA Building, 3-1-22 Shiba Koen, Minato-ku, Tokyo 1050011
Tel. +81-3-3433-6677 Fax. +81-3-3459-1704
URL. http://www.jiit.or.jp/

Japan Society for Technical Communication（JSTC）
Activities:
Undertaking technical document preparations／English Technical Writing Test／Others
3-1-22 Shiba Koen, Minato-ku, Tokyo 1050011
Tel. +81-3-3434-2350 Fax. +81-3-3434-2486
URL. http://www.jstc.or.jp/

JMA Consultants Inc.（JMAC）
Activities:
Management Consulting／Education and Seminars／Others
35Fl., Shiroyama JT Trust Tower 4-3-1 Toranomon, Minato-ku,
Tokyo 1058534
Tel. +81-3-3434-7331 Fax. +81-3-3434-6430
URL. http://www.jmac.co.jp/

JMA Systems Corporation（JMAS）
Activities:
Specializing in computer software
3-1-22 Shiba Koen, Minato-ku, Tokyo 1050011
Tel. +81-3-3431-7401 Fax. +81-3-3431-7063
URL. http://www.jmas.co.jp/

JMA Research Institute Inc.（JMAR）
Activities:
Surveys and researches／Information services／Others
3-1-22 Shiba Koen, Minato-ku, Tokyo 1050011
Tel. +81-3-3434-6282 Fax. +81-3-3578-7547
URL. http://www.jmar.co.jp/

JMA Management Center Inc. （Abbreviation: JMAM）
Activities:
Human Resources and Manpower Development
Shiodome Sumitomo Bldg. 24F, 1-9-2 Higashi-shimbashi,
Minato-ku, Tokyo 1058520
Tel. +81-3-6253-8000
URL. http://www.jmam.co.jp/corporate/english/index.html