Regarding Information Security and Personal Information Protection
Based on its corporate mission, the PHC Group establishes the Information Security Basic Policies and makes efforts based on the policies of 1) Information security management system, 2) Information asset management, 3) Education and training, 4) Provision of secure products and services, and 5) Compliance with laws, regulations, etc., and works on continuous improvements. We also encourage divisions and subsidiaries handling important information to adopt and gain the international Information Security Management System (ISO27001) certification*, to take initiatives based on the PDCA cycle.
IS 717386 / ISO27001
We are particularly aware of the importance of privacy protection. For distinct and safe handling of personal information, we establish and promote the Privacy Policy with specific policies and detailed rules, to comply with the Personal Information Protection Law in Japan and related laws in other countries for the proper protection and handling of personal information, individual number, and Specific Personal Information. For our services handling personal information, we review and organize personal data on a regular basis to ensure they are properly managed.
- Information Security System
- Information Management
- Education and Training
- Secure Products and Services
- Compliance and Continuous Improvement
Education/Training
Mainly at the domestic locations, the PHC Group conducts trainings on personal information and internal audit for new hires, promoted employees, division heads, and specialists. Simulation for phishing attacks are also carried out as part of the education.
Internal Audit
At divisions handling important information within the PHC Group, auditors with professional training conduct internal audits on a regular basis. Through revisions and improvements, we work to reduce risks and raise the security level.
Management Tool
The PHC Group has introduced anti-malware tools to ward off cyberattacks from without the company and information leaks from within.
Incident Management
We are prepared for information security incidents by maintaining reporting routes and response procedures.
* Certification registration range includes service providing in “research and development of devices/systems for medical diagnostics, research support, and hospital workflow support, planning, designing, developing, manufacturing, and maintenance; sales (including OEM), introduction support, and maintenance of medical systems such as electronic medical records, electronic medication history, and medical-receipt computer systems; and staff dispatch” at PHC Holdings Corporation, PHC Corporation, and PHC Medicom Networks Corporation.