Based upon its corporate mission, the PHC Group has established the Information Security Policies and makes efforts based on the following policies: 1) Information security management system, 2) Information asset management, 3) Education and training, 4) Provision of secure products and services, and 5) Compliance with laws, regulations, and continuous improvements. Divisions and subsidiaries that handle important information are encouraged to obtain the international Information Security Management System (ISO 27001) certification* and to take initiatives based on its PDCA cycle.
Education/Training
The PHC Group provides education and training to all employees, primarily at domestic locations. In addition, we provide milestone training for new hires, promotions, and organizational managers, as well as professional training on data privacy and for internal auditors. Training on how to respond to targeted e-mail attacks is also included.
Internal Audit
Professionally trained auditors conduct internal audits on a regular basis in the divisions that handle important information. Through rectifications and improvements, identified risks are mitigated and the security level is raised.
Management Tool
The PHC Group has introduced malware detection tools to protect the organization from cyberattacks as well as information leakage within the group.
Incident Management
Reporting lines and relevant procedures for information security incident response are in place and maintained.
PHC Holdings Corporation, PHC Corporation, and Wemex Corporation (a part of which is not covered*1) provide the following services under the scope of certification.
- Research and study, planning, design, development, manufacture, and maintenance of devices and systems related to medical diagnosis, research support, and in-hospital operation support
- Sales, installation support, and maintenance of medical information systems including electronic medical records, electronic medication history, and medical-receipt computers, as well as temporary employee dispatch
*1 The ISO 27001 certification of Wemex Corporation covers a total of 55 locations, including each sales office, each customer service center, and the development department (as of April 2023).
Recognizing the importance of protecting personal information and of handling it in a clear and secure manner, we have established the Group Data Privacy Policy. This promotes the appropriate protection and handling of personal information, personal numbers, and specific personal information in compliance with the Personal Information Protection Law and applicable overseas personal information protection laws and regulations.