| Risk Items |
Typical risk examples |
Response |
| Information Security |
- If an information security incident were to occur due to unforeseen circumstances, the Group's credibility could be damaged, its corporate image could be tarnished, or the ISMS certification could be revoked.
|
- Led by the Information Security Office under the supervision of a Director, the Company maintains and manages its ISMS (Information Security Management System) certification. In addition to building a secure information management structure, the Company strives to improve information literacy by sharing insights on the latest data breach incidents and other relevant knowledge throughout the organization as needed.
- All employees are required to attend an information security seminar annually and take a security test once a month.
- Regular infrastructure maintenance is performed. Applications and services used in business operations are examined for security by the ISMS project in advance, and only approved applications and services are used.
- Established the Information Leakage Prevention Office and its guidelines.
- When collaborating with suppliers, carefully examine the details of the collaboration in each case and promote the signing of NDAs.
|
| Personal Data Breach |
- In the event of a leakage of personal information due to unforeseen circumstances in the information management process, etc., there is a possibility that the Company may be subject to claims for substantial damages, revocation of Privacy Mark certification, or fines.
|
- Personal information protection regulations have been established to ensure that personal information is managed appropriately.
- Disclosing its personal information protection policy on the website, the Group has established action guidelines and guidelines that conform to these rules and policies, and it ensures thorough management of personal information through education and training.
- In January 2008, the group received the Privacy Mark certification.
|
| Litigation, etc. |
- In the event that users suffer damages due to a defect in the Group’s products caused by its negligence, its business performance may be affected due to monetary compensation or loss of trust.
- The potential for financial compensation and loss of trust in the event of the external leakage of medical institution information, including personal information, due to flaws in the internal information management system during data migration.
|
- The Group is prepared for the risk of compensation damages and expenses related to its IT business by purchasing liability insurance for such claims.
|
| Retaining and Training Right Talent |
- Failure to hire and train employees in a planned manner could affect the business expansion and prospects
|
- The Group will continue to strive to expand its workforce through ongoing recruiting activities and education and training programs.
|
| Intellectual Property Rights |
- The Group strives to protect its independently developed logic, products, etc. by acquiring intellectual property rights, such as patent rights, in Japan and overseas. However, if the third party may file a suit for damages or injunction against the use of the software, claiming infringement of its intellectual property rights, or seek monetary compensation for such a suit.
|
- The Group always conducts intellectual property rights verification by legal experts to ensure that new developments and improvements do not infringe on existing patents.
|
| Rapid spread of infectious diseases, among other things. |
- There is a possibility that the prolonged or delayed implementation of systems in major client medical institutions may have an impact on the performance of the Group.
|
- Developing services and functions that respond to societal trends.
|