Information Security Policy

Information Security Policy

  • Scope of Application
    This policy applies to human, physical, and environmental resources in relation to our information assets.
  • Information Security Policy
    Our information security policy shall be as follows:
    To protect our own information assets and those that our clients trusted with us from information risks such as alteration, theft, and destruction, to improve operations in compliance with the requirements relating to information security management and protection
  • Action Guidelines for Information Security
    The following shall be the action guidelines for enforcing our information security policy:
    1. Protect our own information assets from all information risks, whether they be internal or external, and intentional or accidental.
    2. Appropriately protect and manage client information.
    3. Strive to raise awareness toward the security of the information about the President and employees.
    4. Unify the judgment criteria for devising information security measures.
    5. Promote appropriate disclosure and sharing of information.
    6. Maintain and improve our corporate trust and culture.

    Individuals who use our own information assets shall recognize the importance of information security and comply with this methodology.

  • Designing, Enforcement, Implementation, Maintenance, and Enforcement Verification of the Information Security Policy
    The President, who is ultimately responsible for information security, shall design our information security policy and ensure its full enforcement by all employees.
    The President shall also establish and implement an information security management cycle (plan design, implementation, evaluation, and remedial actions) to ensure and maintain information security.
    In the execution of their duties, the President and employees shall comply with domestic and foreign laws and regulations, this policy, and pertinent internal rules to ensure information security.
    The President shall use management reviews to revise this policy, related rules, and procedural documents, as needed.

Certifications of Standard

ISO/IEC 27001: 2013; JIS Q 27001: 2014

  • Scope of Certification
    Development and support of software products developed in-house and related to the registration application of medicines and medical devices.
  • Certification Number
  • Date of Initial Certification
    April 26, 2019
  • Date of Recertification
    October 18, 2021
  • Expiration Date of Certification
    October 17, 2024