Information Security Initiatives
Basic Stance on Information Security
For the CTC Group, appropriate handling and safe management of information are important social responsibilities. By having employees recognize for themselves where the risks lie in the execution of their daily work duties, and work to improve upon those areas, we aim to achieve a security incident count of zero.
Information Security Promotion Structure
We have appointed our Chief Compliance Officer (CCO) as the senior member of staff responsible for the overall management of our group-wide CTC Group Information Security Management System (ISMS).
In addition to this, we have also assigned Information Management Supervisors (the general managers of each department) and appointed Information Management Leaders, who take the role of promoting and driving forward our information security management efforts.
The CTC Group has built an Information Security & Protection of Personal Information (POPI) Management System, integrating both information security and POPI, and which conforms to both ISMS (JIS Q 27001) and Privacy Mark (JIS Q 15001) standards. We are operating this system in the following ways.
- Developing of various regulations, standards and procedures
- Conducting educational and awareness raising activities relating to information security and POPI on an annual basis
- Obtaining written pledges from all corporate officers and employees on an annual basis
- Carrying out internal audits on an annual basis
- Conducting investigations/surveys on outside contractors on an annual basis
Handling confidential / personal information
At CTC we handle all of the information entrusted to us by our clients as confidential information; carrying out handover checks and exercising strict access management. Personal information obtained when informing clients of our seminars, etc., is obtained with prior consent of the individuals in question, and centrally managed using a dedicated system based on POPI-related standards. We also seek to enhance our security by implementing various technology-based management measures, as preventive measures against leaks or other unintended divulgences of information.
Moving forward, we will continue to implement further security measures against new threats, with the safe and secure handling of information entrusted to us by our clients as our highest priority.
As a result of our efforts, no violations of laws or regulations have taken place within the CTC Group with regard to information security over the last three years.