Security Policy
Basic Information Security Policy
Our company has had an Information Security Management System (ISMS) in operation since January 2005. We pledge to execute our Basic Information Security Policy as indicated below.
- Manage all information pertaining to business operations as information assets, and always employ the optimal information security measures. We regard information related to product expertise, business strategy, and personal information in particular as being the most critical types of information.
- Build an ISMS to appropriately manage information assets and operate it properly and optimally, while also monitoring and verifying its operability.
- Aim to create a stable environment for the utilization of information assets.
- Put together a crisis management system and work to maintain business continuity when information security incidents and large-scale system failures occur.
- Implement information security training for all employees, to make them fully aware of its importance and help support business operations.
- Comply with relevant national laws, industry standards, and other regulations necessary for operating the ISMS.
- Continuously make revisions and improvements to the initiatives above according to legal systems and the social landscape, or what is discovered through audits and other such findings.
We have been certified to ISO 27001, the international standard for information security management systems.
Recap of past activity
April 25, 2005
Obtained certification simultaneously for both the ISMS conformity assessment, a third party certification system for information security management systems, and for BS7799 standards in the United Kingdom covering Head office and Tokyo branch office (currently Kanto Region Area 1 Branch).
June 8, 2006
Transitioned to ISO 27001, while also expanding the applicable scope to include the Sakoshi and Ako locations.
April 23, 2008
Expanded the applicable scope to include the Kita-Nippon, Kita-Kanto (now Kanto Region Area 2 Branch), Nagoya, Osaka, Hiroshima, and Fukuoka Branches as well as International Headquarters (now Global Management Headquarters).
May 7, 2009
Expanded the scope of certification to include the Kakegawa Plant.
April 30, 2018
Expanded the scope of certification to include the Tokushima Plant.
The information security management system at our company is therefore globally recognized to be continuously in compliance with international standards.
We will make continued efforts to maintain PDCA (plan, do, check, act) cycles and offer even more dependability to all stakeholders.
Overview of Certifications Attained
- Scope of certification: Pharmaceuticals, quasi-drugs, medical devices, household products, and food product related planning, research, development, procurement, production, distribution, and sales
- Certifications obtained: ISO/IEC 27001:2013
- Registration number: IS 91379
- Date of initial registration: April 25, 2005
- Certification body: BSI Group Japan K.K.
- Accreditation organizations: ISMS-AC (JIPDEC), ANAB (U.S. accreditation board)
The ISO 27000 series comprises information security standards published by the ISO international standard-setting body, based on Part 1 and Part 2 of U.K. standards BS 7799. ISO 27001 is a certification standard derived from Part 2, and was published on October 14, 2005. ISO 27001 certification means that an organization is internationally recognized as one that has established an information security management system.
ISMS (Information Security Management System) Conformity Assessment Scheme: A conformity assessment scheme for information security management systems, administered by the Information Security Management System Accreditation Center (ISMS-AC). ISMS certification criteria version 2.0 was formulated in April 2003 based on BS7799-Part 2:2002.
BS 7799: Standards published by the British Standards Institution (BSI), comprised of Part 1, which states base practices guidelines for information security management, and Part 2, which states specifications (certification standards) for information security management systems.
Part 2 was revised in the fall of 2002, and solidified the Plan-Do-Check-Act (PDCA) cycle in risk management, while further increasing the effectiveness of information security management systems.