Corporate Profile


Pathology, Cytology and Immunology

Fundamental policy on medical device information security
STATEMENT

① Top-level policy
  a) We protect information assets related to medical devices and the supporting infrastructure from internal and external security threats and hazards.
  b) We protect confidential information on medical devices (e.g. personal data, customer data, intellectual property) from unauthorized acquisition or misuse by attackers.
  c) We protect users of medical devices and patients from internal and external security threats and hazards that may affect safety.
  d) We maintain the confidentiality, integrity and availability of the medical devices and the confidential information stored and processed by the medical devices.
  e) We establish and maintain policies, standards and procedures to ensure compliance with applicable laws, statutory, regulatory or contractual obligations, key industry practices and audit procedures.
  f) We establish, document, distribute and regularly review this policy and related security procedures to support maturity development and comply with applicable laws, statutes, regulations or contractual obligations and industry guidance.
② Security operating policy
  a) We establish and operate a security risk management process.
  b) We monitor industry sources of information on product threat events and incidents, and establish and operate a threat event and incident handling process that includes processes for security triage.
③ Implementation of security measures and Support policy
a) Design and Development
  • We establish and maintain a security-conscious product development lifecycle.
  • We define the support period during which we will provide product security patches and updates to our customers.
b) Dealing with vulnerabilities
  • We assign a person responsible for monitoring threat and vulnerability information to deal with vulnerabilities.
  • If a critical vulnerability is found in our products, we will promptly implement the necessary response measures.
  • We disclose security vulnerability information to our customers and other stakeholders, including the impact of security vulnerabilities on our products and the measures we have taken to address them.
c) Contracts and outsourcing
  • We protect medical devices and confidential information generated, accessed, stored, transmitted, processed or otherwise handled by external third parties.
  • Where appropriate, we are involved in the security design and implementation of externally sourced services and components and establish processes to assess security risks, including vendor risks.
  • Where necessary, we require our suppliers to accept contractual obligations to report and reduce security vulnerabilities in their products and services.
d) Field services
  • We establish and maintain a program to track medical devices sold or leased to healthcare provider organizations through distributors of our products.
  • Through the distributors of our products, we ensure that the technical security requirements placed on users are clearly defined and implemented.
  • Where feasible, we will monitor the status of the customer's equipment using remote services.
  • We establish and maintain a disposal process to ensure the erasure of confidential information.
September 15, 2021
Top Management, Laboratory Unit
