Information Security Policy

We strictly observe the requirements below to supply value-added CRO services with particular attention paid to “ethics” and “science,” thereby improving quality of services to our customers and confidence that society places in us, expanding our business, and passing on its benefit to stakeholders.

  1. Establishing a general idea and action guidelines on information security
  2. Taking into account business, legal, or regulatory requirements, and security obligations to be included in agreements
  3. Recognizing and managing security risks related to the use of external services
  4. Based on the above, maintaining the procedures for operating and sustaining the ISMS

This policy will be practiced in accordance with the following action guidelines:

Action Guidelines

  1. Our company provides continuing education and training to all employees (including contract employees and temporary employees dispatched by personnel agencies) to enhance importance of information security and make them aware of it.
  2. All employees observe the procedures for maintaining this policy, laws and regulations, and terms and conditions of agreements on information security.
  3. All employees classify, report, and solve information security violations or accidents that occur.
  4. All employees who take any intentional action that threatens preservation of information assets (including privacy information) or data integrity of the company or customers are definitely subject to disciplinary or legal punishment according to our working rules.
  5. Our company documents and controls measures against risks and opportunities in order to address external and internal problems with assets.
  6. Our company conducts evaluations suitable for the purpose of use in order to manage security risks when storing assets on external services.
  7. Our company supervises this policy and ISMS operations as a whole, checks them regularly, and establishes management systems to improve this policy and ISMS operations continuously to maintain risks at allowable levels.
  8. Our company prepares and maintains an extended CRO service-related business plan, provides regular training, and revises the plan accordingly.

(Established: January 1, 2015)
(Last updated: October 1, 2023)