Regarding Information Security and Personal Information Protection
Based on its corporate mission, the PHC Group establishes the Information Security Basic Policies and makes efforts based on the policies of 1) Information security management system, 2) Information asset management, 3) Education and training, 4) Provision of secure products and services, and 5) Compliance with laws, regulations, etc., and works on continuous improvements. We also encourage divisions and subsidiaries handling important information to adopt and gain the international Information Security Management System (ISO27001) certification*, to take initiatives based on the PDCA cycle.
- Information Security System
- Information Management
- Education and Training
- Secure Products and Services
- Compliance and Continuous Improvement
Mainly at the domestic locations, the PHC Group conducts trainings on personal information and internal audit for new hires, promoted employees, division heads, and specialists. Simulation for phishing attacks are also carried out as part of the education.
At divisions handling important information within the PHC Group, auditors with professional training conduct internal audits on a regular basis. Through revisions and improvements, we work to reduce risks and raise the security level.
The PHC Group has introduced anti-malware tools to ward off cyberattacks from without the company and information leaks from within.
We are prepared for information security incidents by maintaining reporting routes and response procedures.
* Certification registration range includes service providing in “research and development of devices/systems for medical diagnostics, research support, and hospital workflow support, planning, designing, developing, manufacturing, and maintenance; sales (including OEM), introduction support, and maintenance of medical systems such as electronic medical records, electronic medication history, and medical-receipt computer systems; and staff dispatch” at PHC Holdings Corporation, PHC Corporation, and PHC Medicom Networks Corporation.