Enacted on November 22, 2008
Last Updated July 1,2018
Representative Director and Chairman
Representative Director and President
JMDC Inc. and its subsidiaries (hereinafter, the "Group") aim to realize a healthy society through medical data and analytical capacity. To this end, we have enacted the following basic policy on information security (hereinafter, the "Policy") which we will implement and promote.
2. Scope of Application
The Policy shall be applied to information (including Personal Information) related to all business activities under the management of the Group.
3. Matters to be Implemented
- (1)The Group shall establish, implement, operate, review, maintain and improve information security management systems in order to protect all information assets that are subject to the application of this Policy from threats.
- (2)The Group shall handle information assets in compliance with the relevant laws, obligations and contractual obligations.
- (3)The Group shall formulate prevention and recovery procedures to ensure its business activities are not interrupted by serious faults or disasters, etc., and shall regularly review aforementioned procedures.
- (4)The Group shall regularly provide all Group employees with education and training in relation to information security.
4. Responsibilities, obligations and penalties
- (1)The President shall be responsible for information security, and shall provide all staff subject to the application of this Policy with the necessary resources to ensure information security.
- (2)Staff subject to the application of this Policy shall be obligated to protect the information of customers.
- (3)Staff subject to the application of this Policy must act in accordance with the instructions formulated in order to maintain this Policy.
- (4)Staff subject to the application of this Policy shall be responsible for reporting any incidents and weaknesses with respect to information security.
- (5)Staff subject to the application of this Policy who have engaged in acts that compromise the protection of information assets including but not limited to customer information shall be subject to dismissal in accordance with the rules of employment.
5. Evaluation of Policy Implementation and Continuous Improvement
The Group shall conduct regular evaluation of information security measures in order to confirm compliance with the Policy and information security regulations, and shall aim for continuous improvement.