Regarding Information Security and Personal Information Protection

Based on its corporate mission, the PHC Group establishes the Information Security Basic Policies and makes efforts based on the policies of 1) Information security management system, 2) Information asset management, 3) Education and training, 4) Provision of secure products and services, and 5) Compliance with laws, regulations, etc., and works on continuous improvements. We also encourage divisions and subsidiaries handling important information to adopt and gain the international Information Security Management System (ISO27001) certification^*, to take initiatives based on the PDCA cycle.

We are particularly aware of the importance of privacy protection. For distinct and safe handling of personal information, we establish and promote the Privacy Policy with specific policies and detailed rules, to comply with the Personal Information Protection Law in Japan and related laws in other countries for the proper protection and handling of personal information, individual number, and Specific Personal Information. For our services handling personal information, we review and organize personal data on a regular basis to ensure they are properly managed.

* Certification registration range includes service providing in “research and development of devices/systems for medical diagnostics, research support, and hospital workflow support, planning, designing, developing, manufacturing, and maintenance; sales (including OEM), introduction support, and maintenance of medical systems such as electronic medical records, electronic medication history, and medical-receipt computer systems; and staff dispatch” at PHC Holdings Corporation, PHC Corporation, and PHC Medicom Corporation.