The risk of cyberattacks has risen in recent years. In response, DMG MORI has set information security as a crucial management item. We have continued to enter into consultation agreements with external security experts since 2015, have formulated an information security policy, and have established an Information Security Committee to strengthen information security management throughout the company.
We are now responding to increasing threats while establishing Information Security Committees within each Group Company and sharing information throughout the Group. DMG MORI places a priority on safeguarding the important information we receive from our customers. Toward that end, we revise how we manage information as needed and continue to strengthen our security measures.
We are building a security management organization with the Control Security Committee in a central role to manage internal company information as well as the security of customer networks and customer-facing services accessed using DMG MORI machine tool products. We also leverage our cooperative relationships with partners in promoting efforts to enhance security in plants, which are increasingly switching to digital technologies.
In addition, in order to further enhance security measures, we obtained the international standard IEC 62443 4-1 (Security for Industrial Automation and Control Systems Part 4-1: Secure Product Development Lifecycle Requirements) in November 2024.

See here for our press release on obtaining the IEC62443 4-1 certification.

Basic Policy for Information Security

With regards to the importance of appropriate protection and management of information assets on a global consolidated basis for continuous and stable business activities, DMG MORI CO., LTD. (hereinafter referred to as the “Company”) will stipulate its own Basic Policy for Information Security.
The Company will strive to adhere strictly to the Basic Policy for Information Security to guarantee the security of our products and to protect the customers’ information when offering manufacturing solutions with machine tools at the core. Furthermore, the Company will continue to provide ever increasing value, innovation and unlimited possibilities of machine tools to customers worldwide while following international laws and regulations.

1. In order to protect all of its information assets from unauthorized access, loss, destruction, manipulation, and leaks, etc., the Company will appoint a person with overall responsibility for information security management. Further, the Company will establish the Information Security Committee to set up an appropriate management structure.
2. The Company will continuously implement educational programs necessary to raise the awareness of the importance of information security for all the employees and persons involved in its business.
3. DMG MORI Group will strictly follow laws and regulations, code of ethics, and internal rules. Through careful observation of the social environment and technological advancements, the Company will continuously review its internal rules, structures, and systems. In this way, the Company will strive to evaluate, maintain, and improve its information security management system.
4. Any violation of the Basic Policy of Information Security and its related rules will be strictly dealt with severely.

Organization for the promotion of enhanced information security

The DMG MORI Group holds regular meetings of the Information Security Committee, with the Director of Management serving as the Information Security Supervisory Manager. We continue to expand the organization in the Company Headquarters and in Group Companies.
The committee is involved in activities related to human, organizational, and technical measures, including formulating security strategies, strengthening governance in areas such as information security training, implementing security measures, and conducting information security audits. We also regularly hold global security conferences with overseas Group Companies. We formulate countermeasures based on a globally unified security strategy, share issues related to information security at each site, and study solutions from a global perspective.
In response to the recent increase in cyber-attacks via our overseas offices, we have been conducting IT security audits of our offices in Asia since 2023. We dispatch information security personnel from Japan to our bases in 11 countries in Asia to audit the implementation of countermeasures and improve information security literacy. Through these activities, we aim to maintain and improve a unified security level across all our overseas sites.
Also, with the increasing number of cyberattacks on supply chains, we visited our major suppliers in 2023 to check the status of security measures and held discussions on how to strengthen them. Based on the results, we are working to improve the security level of each supplier by providing information security seminars and training for suppliers.

Open and fair acquisition of information

DMG MORI has established a basic policy on personal information protection, under which we strive to use the personal information we obtain through conducting machine tool-related business only within our defined scope and manage this information appropriately within the stipulated retention period.