Based upon its corporate mission, the PHC Group has established its Information Security Policies and makes efforts based on the following policies: 1) Information security management system, 2) Information asset management, 3) Education and training, 4) Provision of secure products and services, and 5) Compliance with laws, regulations, and continuous improvements. Divisions and subsidiaries that handle important information are encouraged to adopt and obtain the international Information Security Management System (ISO27001) certification* and to take initiatives based on its PDCA cycle.
The PHC Group provides education and training to all employees, primarily at domestic locations. In addition, relevant training courses on personal data protection and internal auditors are conducted at induction, promotion, and other professional settings.
Professionally trained auditors conduct internal audits on a regular basis in the divisions that handle important information. Through rectifications and improvements, identified risks are mitigated and the security level is raised.
The PHC Group has introduced malware detection tools to protect the organization from cyberattacks as well as information leakage within the group.
Reporting lines and relevant procedures for information security incident response are in place and maintained.
* The certification registration scope includes the provision of services in “research and development of devices/systems for medical diagnostics, research support, and hospital workflow support, planning, designing, developing, manufacturing, and maintenance; sales (including OEM), introduction support, and maintenance of medical systems such as electronic medical records, electronic medication history, and medical-receipt computer systems; and staff dispatch” at PHC Holdings Corporation, PHC Corporation, and PHC Medicom Corporation.