Information Security

Information Security Initiatives

Basic Stance on Information Security

For the CTC Group, appropriate handling and safe management of information are important social responsibilities. By having employees recognize for themselves where the risks lie in the execution of their daily work duties, and work to improve upon those areas, we aim to achieve a security incident count of zero.

Click here to see more details of our Basic Information Security Policy

Information Security Promotion Structure

We have appointed our Chief Compliance Officer (CCO) as the senior member of staff responsible for the overall management of our group-wide CTC Group Information Security Management System (ISMS).
In addition to this, we have also assigned Information Management Supervisors (the general managers of each department) and appointed Information Management Leaders, who take the role of promoting and driving forward our information security management efforts.


The CTC Group has built an Information Security & Protection of Personal Information (POPI) Management System, integrating both information security and POPI, and which conforms to both ISMS (JIS Q 27001) and Privacy Mark (JIS Q 15001) standards. We are operating this system in the following ways.

  • Developing of various regulations, standards and procedures
  • Conducting educational and awareness raising activities relating to information security and POPI on an annual basis
  • Obtaining written pledges from all corporate officers and employees on an annual basis
  • Carrying out internal audits on an annual basis
  • Conducting investigations/surveys on outside contractors on an annual basis

Handling confidential / personal information

At CTC we handle all of the information entrusted to us by our clients as confidential information; carrying out handover checks and exercising strict access management. Personal information obtained when informing clients of our seminars, etc., is obtained with prior consent of the individuals in question, and centrally managed using a dedicated system based on POPI-related standards. We also seek to enhance our security by implementing various technology-based management measures, as preventive measures against leaks or other unintended divulgences of information.
Moving forward, we will continue to implement further security measures against new threats, with the safe and secure handling of information entrusted to us by our clients as our highest priority.
In September 2021, one case of inappropriate handling of personal information occurred.
We will thoroughly educate our employees on personal information protection and information security, continuing our efforts to further strengthen our information management system.

Click here to see more details of our POPI Policy

  • Tweet about this page on Twitter (Open link in new window)
  • Share this page on Facebook (Open link in new window)