Information Security Policy

1. Purpose

ITEC recognizes that as Japan’s first total healthcare management consulting company, it is our extremely important responsibility to protect the information assets we hold, including information entrusted to us by our customers, from all threats and to implement appropriate risk management.
Based on this idea, we have established a Basic Information Security Policy Document as a standard for our efforts in information security.
We declare that all officers, employees, and related parties who use our information will adhere to this policy and conduct their duties with a sense of ethics.

2. Basic Information Security Policy

(1) Proper management of user IDs and passwords
Each system must authenticate information users with user IDs and passwords. Passwords must also be properly protected to prevent leakage.

(2) Protection of information resources
Internal information resources must be properly controlled to protect against threats such as destruction, leakage, eavesdropping, tampering, and virus infection.

(3) Implementation of access control
Access rights to internal information resources granted to information users must be kept to a minimum and properly controlled to prevent unauthorized access.

(4) Implementation of computer virus countermeasures
In handling internal information resources, measures must be taken to prevent virus infection damage and appropriate preventive measures must be taken to prevent the spread of viruses to third parties.

(5) Implementation of log management
Information systems and resources must be monitored to ensure that security measures align with this policy, and monitoring records must be properly stored and managed.

(6) Implementation of physical access management
Information systems handling important information and resources critical to business activities must be properly protected from physical damage due to disasters and unauthorized access leading to theft or destruction.

(7) Establishment of a security control system
A clear management framework must be established to implement, control, and embed security measures as part of the corporate culture.

(8) Implementation of corporate information ethics measures
Internal information resources must be used efficiently only for approved business purposes, and the necessary minimum information ethics measures must be implemented.