Toshiba America Information Systems, Inc.
Digital Products Division
Website Infrastructure Security Measures

1) Secure Network Access. Toshiba has implemented firewall controls between its internal network and the Internet to only allow clearly defined traffic to access specific network services. Use of a firewall also provides a central point for logging and auditing Internet traffic. In addition, Toshiba conducts external and internal network vulnerability testing on a regular basis.

2) Secure Network Servers. Toshiba’s network services and systems are monitored 24x7. Server security is maintained by both physical and system level security. Network servers are located in a secure, environmentally controlled, fault-tolerant data center facility where physical access is limited to authorized personnel. Toshiba company policy also requires its system administrators to change passwords on a regular basis. Further, Toshiba is aware of the external vulnerabilities associated with various operating systems and applications. Therefore, Toshiba diligently reviews and tests the latest updates for operating systems and applications and applies them to the network system after they have been deemed necessary and reliable.

3) Authentication. Toshiba’s website is registered with a site identification authority which enables a customer’s browser to automatically confirm Toshiba’s identity behind the scenes before any transmission is actually sent. With this technology, Toshiba’s customers are assured that transmission of confidential information is with Toshiba’s website, and not some impostor site.

4) Encryption. Encryption is a process whereby sensitive information is scrambled while in transit to a recipient in order to protect against unauthorized interception. Only the intended recipient who holds the "key" can decode or decrypt the encrypted information. Toshiba currently uses a server ID (or a digital certificate) in conjunction with the industry-standard Secure Sockets Layer (SSL) technology to encrypt potentially sensitive customer information such as name, address or credit card number. For customers using a security-enabled browser (such as Microsoft Internet Explorer version 2.1 or greater, or Netscape Navigator version 2.0 or greater), the information they sent to Toshiba is encrypted or scrambled and is difficult to decrypt when intercepted by unauthorized third parties, resulting in safer customer transmissions. The presence of security measures surrounding the entry of data on a web page is identified in several ways for you on your security-enabled browser:

.. The URL identifying the page will always begin with "https://" versus the normal " http://".

..  A "closed lock" icon is present in the bottom right-hand corner of your Microsoft Internet Explorer browser screen.

.. An "unbroken key" icon appears in the lower left-hand corner of the Netscape Navigator browser screen.

5) Data Protection. Toshiba performs daily and weekly system and data back-ups that follow an onsite/offsite media storage rotation schedule to protect the customer data stored on the Toshiba network system.

6) Intrusion Detection. Toshiba uses logging utilities to maintain a continuous log of all application, system, and security related events for ease of detecting any unauthorized access and intrusion.