Based upon its corporate mission, the PHC Group has established the Information Security Policies and makes efforts based on the following policies: 1) Information security management system, 2) Information asset management, 3) Education and training, 4) Provision of secure products and services, and 5) Compliance with laws and regulations, and continuous improvement. Divisions and subsidiaries that handle important information are encouraged to adopt and obtain the international Information Security Management System (ISO27001) certification*, and to take initiatives based on its PDCA cycle.
Education/Training
The PHC Group provides education and training to all employees, primarily at domestic locations. In addition, relevant training courses on personal data protection and for internal auditors are conducted at induction, promotion, and other professional settings.
Internal Audit
Internal audits are conducted on a regular basis by professionally trained auditors in the divisions that handle important information. Through rectifications and improvements, identified risks are mitigated and the security level is raised.
Management Tool
The PHC Group has introduced malware detection tools to protect the organization from cyberattacks as well as information leakage within the group.
Incident Management
Information security incident response reporting lines and relevant procedures are in place and maintained.
* The certification registration range includes the provision of services in “research and development of devices/systems for medical diagnostics, research support, and hospital workflow support, planning, designing, developing, manufacturing, and maintenance; sales (including OEM), introduction support, and maintenance of medical systems such as electronic medical records, electronic medication history, and medical-receipt computer systems; and staff dispatch” at PHC Holdings Corporation, PHC Corporation, and PHC Medicom Corporation.
Recognizing the importance of protecting personal information and of handling it in a clear and secure manner, we have established the Group Data Privacy Policy. This promotes the appropriate protection and handling of personal information, personal numbers, and specific personal information in compliance with the Personal Information Protection Law and applicable overseas personal information protection laws and regulations.