menu
header-clinical-biospecimens

Information Security

The information assets we handle, including those related to our commercial partners and clients, are integral and essential to our business. We implement robust measures to secure this information, ensuring its confidentiality, integrity, and availability. All company staff adhere to our ISO/IEC 27001-certified Information Security Management System (ISMS) when handling information assets. The key elements of this ISMS are outlined below.

1. Information security policy

In order to protect information assets, we carry out operations in accordance with an established information security policy. We adhere to our contractual obligations and conform to all laws, rules and industry standard practices relating to information security.

2. Risk assessment

We have established a systematic risk assessment methodology with clear criteria for analyzing and evaluating existing risks to information assets (leakage, corruption, loss etc.). Such risk assessments are carried out periodically and based on the results, necessary security measures are implemented.

3. Information security organization

A management-led information security organization has been established in which authority and responsibilities are clearly defined. Periodical training and education are carried out to ensure all company members handle information assets in an appropriate manner and maintain a high awareness of the importance of information security.

4. Audits and improvements

Checks and audits performed by third parties are periodically carried out to assess adherence to the security policy and handling of information assets. Any discovered deficits or areas for improvement are quickly addressed.

5. Incident handling

Appropriate measures are in place to deal with information security-related incidents, including pre-established protocols to minimize any potential damage. Any incidents that occur are addressed promptly and corrective actions devised as appropriate. For incidents that may disrupt company operations, a management framework has been established and is periodically reviewed in order to ensure business continuity.

6. Management system

In order to realize effective information security in line with the foregoing, an information security management system certified to ISO/IEC 27001 standards has been established. This system is in continuous operation and is reviewed and improved on an ongoing basis.

7. Certification Details

  • Certification: ISO/IEC 27001:2022 / JIS Q 27001:2023
  • Certification Body: BSI Group Japan K.K.
  • Certificate number: IS 794081
  • Expiry Date: 21 May 2027

ISMS Logo

Established: Nov 21, 2018
Latest revision: Oct 4, 2024