Specific Efforts Toward CSR
Efforts Toward Information Security
Information management framework
Suzuken is establishing information management systems designed to protect management-related information, minimize data-related risks, and comply with laws concerning the protection of personal information. Suzuken is also raising awareness of related issues among employees.
Suzuken formulated an information security policy in July 2004 and in December that year its Information Systems Headquarters received BS7799 certification, the then international standard for information security management systems, and ISMS Conformity Assessment Scheme Certification, a system that certifies whether an information system meets a certain standard in terms of its security. Suzuken thus became the first member of Japan's pharmaceutical industry to receive ISMS certification, which uses third-party evaluations to verify compliance with standards for information security management.
Drafting of the Information Security Policy and ISO 27001 Approval
Suzuken views as increasingly vital assets both client information and the data that it collects, transmits and provides over the course of its corporate activities. Ensuring adequate security for this information is thus a top priority for Suzuken. The information security policy was devised as a means of maintaining information security throughout the Company. The policy stipulates guidelines and a management methodology for safeguarding Suzuken's information assets from unauthorized disclosure, system malfunctions and other risks, as well as for incident prevention and procedures for minimizing damages in the unlikely event of an accident. As a definitive step forward, the System Development Department obtained ISO 27001* certification, an internationally recognized standard in information security management, in December 2006.
*Published in October 2005, ISO 27001 is the international standard for ISMS.
ISO 27001 Approval (December 15, 2006)
Applicable standards: ISO/IEC 27001:2005/JIS Q 27001:2006
Certifying institution: Japan Quality Assurance Organization (JQA)
Certification registration no.: JQA-IM0205
Date of certification registration: December 15, 2006
Subject of certification: Information Systems Headquarters, Suzuken Co., Ltd.
Scope of registered activities: Information system development, operation, and maintenance conducted by the System Development Department and the Productivity Management Section
Information Security Measures
At Suzuken, we implement a number of information security measures to prevent security leaks, such as controlling the removal of information equipment, limiting the areas within our facilities that people can enter, and thoroughly managing locks and keys for very important information.
In particular, our system measures include strengthening the security of PCs and USB memory through encryption and passwords, reliably applying virus pattern files and security patches, operating and controlling firewalls appropriately, and operating a surveillance system for the company intranet.
Information Security Education
Suzuken carries out information security education and personal information protection education so that we can increase the awareness of directors and employees toward information security and have them practice information security in their daily work.
Starting with basic study through e-learning, Suzuken is making various efforts such as poster-based education, the distribution of an Information Security Guidebook, the regular publication of an Information Security Newspaper, and monitoring by the Internal Audit Division.
Concerning the Handling of Personal Information
Suzuken regards information as a valuable asset and believes that it must be protected appropriately in the same way as other business assets. Based on this thinking, Suzuken is working on activities such as the acquisition of ISO 27001 certification, the international standard for information security management (System Development Department and Productivity Control Section); educational and awareness activities for directors and employees based on e-learning; and the implementation of comprehensive security measures. Centered on the Risk Management Department-Information Security Section, the company is working together with all employees on upgrading information security systems and strengthening operational activities.
Personal Information Protection Policy