ISO 27001 Certification

Tokyo Century Group has acquired the ISO 27001 international information security management systems certification standard with the goal of protecting information assets concerning our clients and those of the Group from threats such as unauthorized access, loss, leakage, revision, and destruction. As such, the Group engages in the appropriate protection and management of information assets companywide. Aiming to be a company trusted by society, the Group will continue to strive to ensure information security by working to further entrench adherence to ISO/IEC 27001 standards and by engaging in continuous improvement efforts.

bsi ISMS-AC ISMS ISR004 IS 91018/ISO 27001

ISO 27001 Scope of Certification

Certification has been acquired for the following offices of Tokyo Century and Group companies.

The following subsidiary has also individually obtained certification.

Basic Information Security Policy

Tokyo Century Group seeks to protect the information assets of business partners and of the Group from various security risks by laying out guidelines and related rules and regulations to carry out the following initiatives.

1. Protection of Information Assets

We will protect all information assets related to our business activities. In particular, we will designate information concerning our business partners and confidential information concerning the Group as vital information, and we will appropriately handle such information to protect it against illegal access, loss, leaks, falsification, and destruction.

2. System of Information Security Management

We will clarify the roles and responsibilities for information security through the Information Security Committee, as the organization for deliberating on information security, and a Chief Information Security Officer, as the person responsible for implementing related measures, and we will pursue these activities Group-wide.

3. Information Security Education

We will consistently conduct education and training on information security for officers and employees to maintain and deepen awareness of information security.

4. Response to Incidents and Accidents

We will strive to prevent incidents and accidents related to information security, and in the event of such an incident or accident, we will promptly respond with appropriate action, including preventive measures.

5. Legal Compliance

We will comply with laws and regulations on information security as well as rules and contractual security requirements.

6. Initiatives for Continuous Improvement

We will evaluate the security risks of information assets based on appropriate risk assessment to promote effective security measures. In addition, we will respond to changes in the management environment and progress in information technology by regularly reviewing our policies, rules, and measures to make continuous improvements.

Relevant links