DOCTOR NET

Information security

INFORMATION SECURITY

We have established a remote medicalcare support service to contribute to improvement of quality and efficiency of medicalcare by specializing and networking of hospitals and physicians. Because of this, we are strongly aware of social responsibility as a remote medicalcare support service provider, and various information assets including customer information we handle in our business.

We have established "ISMS Basic Policy", which was approved by management as a basic policy for establishing the information security system named Information Security Management System (hereinafter, referred to as ISMS), established, installed and maintaining this system and will continuously improve it.

  1. Definition of Information Security: Information Security means to maintain confidentiality and usability of information and appropriately protect information assets.

  2. Purpose of Information Security: Considering information assets for this company are the most important asset to be protected in our business, including remote medical care supporting service, IT solution service, medical imaging service, and so forth, we have set our goal is to appropriately protect the information assets from extensive threats that may be given to them by intentional, accidental, or environmental (of natural disaster) incidents.

  3. Scope of Application: All information assets managed by this company are in the scope of application.

  4. Basic Policy

    1. ISMS basic policy and information security goals are established to reduce the risk to information assets by the company to below the acceptable level of the standard. The plan of ISMS will be set in accordance with this policy and goal, installed, evaluated and assessed for continuous improvement.

    2. By clearly separating measures for information security stipulated by the law from duties for information security in contracts regarding company business, and strictly follow them as well as ISMS. However, if information disclosure is requested by law, as little information as possible will be disclosed with approval of top personnel for information security.

    3. We will establish an organization system needed for maintenance of ISMS, environment for risk management for information assets, and prepare systems to give education and training for awareness of information security between employees. To achieve these, the management will provide sufficient operating resources.

    4. As well as establishing criteria to evaluate risks, decide upon risk management procedures to assess risks to information assets. for risk assessments . Concerning the risk management procedures, establish the risk criteria and the management should decide the acceptable level of receiving risks.

Enacted on: May 15, 2009

ISMS is applied to the service department, department of technology and development , and quality management department.

Learn More