Governance and Risk ManagementInformation Security
ISO 27001 Certification
Tokyo Century Group has acquired the ISO 27001 international information security management systems certification standard with the goal of protecting information assets concerning our clients and those of the Group from threats such as unauthorized access, loss, leakage, revision, and destruction. As such, the Group engages in the appropriate protection and management of information assets companywide. Aiming to be a company trusted by society, the Group will continue to strive to ensure information security by working to further entrench adherence to ISO/IEC 27001 standards and by engaging in continuous improvement efforts.
ISO 27001 Scope of Certification
Certification has been acquired for the following offices of Tokyo Century and Group companies.
- ■Tokyo Century Corporation (Head Office, Okachimachi Office, Akihabara UDX)
- ■TRY Corporation
- ■TC Business Services Corporation
The following subsidiary has also individually obtained certification.
- ■Fujitsu Leasing Co., Ltd. (all offices)
Basic Information Security Policy
Tokyo Century Group seeks to protect the information assets of business partners and of the Group from various security risks by laying out guidelines and related rules and regulations to carry out the following initiatives.
1. Protection of Information Assets
We will protect all information assets related to our business activities. In particular, we will designate information concerning our business partners and confidential information concerning the Group as vital information, and we will appropriately handle such information to protect it against illegal access, loss, leaks, falsification, and destruction.
2. System of Information Security Management
We will clarify the roles and responsibilities for information security through the Information Security Committee, as the organization for deliberating on information security, and a Chief Information Security Officer, as the person responsible for implementing related measures, and we will pursue these activities Group-wide.
3. Information Security Education
We will consistently conduct education and training on information security for officers and employees to maintain and deepen awareness of information security.
4. Response to Incidents and Accidents
We will strive to prevent incidents and accidents related to information security, and in the event of such an incident or accident, we will promptly respond with appropriate action, including preventive measures.
5. Legal Compliance
We will comply with laws and regulations on information security as well as rules and contractual security requirements.
6. Initiatives for Continuous Improvement
We will evaluate the security risks of information assets based on appropriate risk assessment to promote effective security measures. In addition, we will respond to changes in the management environment and progress in information technology by regularly reviewing our policies, rules, and measures to make continuous improvements.