Approaches to Information Security
TKC offers various information-related services through the constant use of the latest ICT to accounting firms and their clients, publicly-listed corporations and their subsidiaries and local governments. We recognize that ensuring information security is a priority in conducting our business activities and consider it our social responsibility.
Under this idea, to enable customers to use our information services without anxiety, we strive to safeguard information by establishing an information security framework in compliance with the certification standards for information security management system JIS Q 27001:2014 (ISO/IEC27001:2013), international standard for information security controls for cloud services (ISO/IEC27017), international standard for protection of personally identifiable information in public cloud services (ISO/IEC27018), laws and regulations concerning personal information protection, management system requirements for the protection of personal information (JIS Q15001:2006), and our company regulations.
Basic Policy for Information Security (Excerpt)
- 1. Objective
- The TKC Group offers various information-related services through the most appropriate use of the latest information and communication technology (ICT) on a constant basis to accounting firms and their clients and local governments. For the purpose of properly managing such information assets and to enable customers to use our services without anxiety, this Basic Policy for Information Security (“Basic Policy”) provides the basic measures and framework to ensure the security of any information within our Group based on the Cybersecurity Management Guidelines developed by the Ministry of Economy, Trade and Industry.
- 2. Basic Principles
-
- The TKC Group recognizes that ensuring information security is a management issue of the highest priority and will address it on a group-wide basis.
- The TKC Group will establish a framework in which every officer and employee holds a sense of ethics and complies with the laws and regulations, the rules stipulated by administrative bodies and other authorities, and our company regulations, and also makes continuous improvements thereof.
- If any incident that may pose a threat to the security of information is discovered, the TKC Group will conduct an analysis to identify the cause and determine and implement preventive measures.
The TKC Group's Basic Policy for Information Security (full text) can be found at:https://www.tkc.jp/security (Japanese)
Policy on Personal Information Protection
The TKC Corporation (the "Company"), an information service provider, duly recognizes the importance of protecting personal information and specific personal information (collectively "Personal Information") in a society utilizing IT. TKC has defined its policy on personal information protection as below, thereby declaring that it will commit to the protection of Personal Information on a company-wide basis.
- The Company will conduct awareness education and in-house training for officers and all employees of the Company to ensure full compliance with the Act on the Protection of Personal Information, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, and other laws and regulations, as well as guidelines and other rules stipulated by the state, and will strive to manage Personal Information appropriately.
- When obtaining Personal Information from customers, the Company will notify the purpose of use and its customer contacts, and obtain any Personal Information on a need-to-know basis.
- Except in cases where doing so is required by law, the Company will not provide Personal Information to third parties without first obtaining the consent of the customers.
- To manage the Personal Information properly, the Company will appoint a chief administrator for each department handling the Personal Information of customers, and an administrator in charge of specific personal information and staff in charge of processes using specific personal information for each department handling specific personal information in particular.
- The Company will take measures that are technically and physically reasonable to prevent unauthorized access to and loss, destruction, leakage and falsification of the Personal Information.
- The Company will prohibit entrusting the handling of the Personal Information of customers without first obtaining the customers' consent.
- To ensure the security of the Personal Information of customers, the Company will review and improve its management system for personal information protection effectively and promptly.
- The Company will respond faithfully to inquiries, complaints and consultation on the Personal Information obtained from customers as well as to their requests on disclosure, corrections, addition/deletion, and suspension of use of Personal Information.
■ Established August 14, 2003
■ Revised January 1, 2005
■ Revised October 1, 2015
■ Revised April 9, 2021