Regarding Information Security and Personal Information Protection
Based on its corporate mission, the PHC Group establishes the Information Security Basic Policies and makes efforts based on the policies of 1) Information security management system, 2) Information asset management, 3) Education and training, 4) Provision of secure products and services, and 5) Compliance with laws, regulations, etc., and continuous improvements. We also encourage divisions and subsidiaries handling important information to adopt and gain the international Information Security Management System (ISO27001) certification, to take initiatives based on the PDCA cycle.
- Information Security System
- Information Management
- Education and Training
- Secure Products and Services
- Compliance and Continuous Improvement
Mainly at the domestic locations, the PHC Group conducts trainings on personal information and internal audit for new hires, promoted employees, division heads, and specialists. Simulation for phishing attacks are also carried out as part of the education.
At divisions handling important information within the PHC Group, auditors with professional training conduct internal audits on a regular basis. Through revisions and improvements, we work to reduce risks and raise the security level.
The PHC Group has introduced anti-malware tools to ward off cyberattacks from without the company and information leaks from within.
We are prepared for information security incidents by maintaining reporting routes and response procedures.