Information Security Policy
- Scope of Application
This policy applies to human, physical, and environmental resources in relation to our information assets.
- Information Security Policy
Our information security policy shall be as follows:
To protect our own information assets and those that our clients trusted with us from information risks such as alteration, theft, and destruction, to improve operations in compliance with the requirements relating to information security management and protection
- Action Guidelines for Information Security
The following shall be the action guidelines for enforcing our information security policy:
- Protect our own information assets from all information risks, whether they be internal or external, and intentional or accidental.
- Appropriately protect and manage client information.
- Strive to raise awareness toward the security of the information about the President and employees.
- Unify the judgment criteria for devising information security measures.
- Promote appropriate disclosure and sharing of information.
- Maintain and improve our corporate trust and culture.
Individuals who use our own information assets shall recognize the importance of information security and comply with this methodology.
- Designing, Enforcement, Implementation, Maintenance, and Enforcement Verification of the Information Security Policy
The President, who is ultimately responsible for information security, shall design our information security policy and ensure its full enforcement by all employees.
The President shall also establish and implement an information security management cycle (plan design, implementation, evaluation, and remedial actions) to ensure and maintain information security.
In the execution of their duties, the President and employees shall comply with domestic and foreign laws and regulations, this policy, and pertinent internal rules to ensure information security.
The President shall use management reviews to revise this policy, related rules, and procedural documents, as needed.
Certifications of Standard
ISO/IEC 27001: 2013; JIS Q 27001: 2014
- Scope of Certification
Development and support of software products developed in-house and related to the registration application of medicines and medical devices.
- Certification Number
- Date of Initial Certification
April 26, 2019
- Date of Recertification
October 18, 2021
- Expiration Date of Certification
October 17, 2024