The Internal Control Department of Tokio Marine Holdings supervises information security for the entire Group as the controlling department, while sections in charge of information security have been established at each Group company. In this manner, the Group is working to build an effective management structure for information security.
Initiatives for Information Security
We thoroughly adhere to information security management rules to prevent information leakages. In particular, each Group company is adopting physical and technological safety-control measures that include locking away customers’ personal information and confidential documents when not in use, placing restrictions on taking documents and other items outside the company, and using encryption and setting passwords for electronic information.
In fiscal 2010, Tokio Marine & Nichido introduced thin-client* terminals for its in-house intranet. Thin-client terminals are not equipped with hard disks and information is centrally managed and deployed from a server, which thereby further strengthens information security.
* A method whereby the PC environment (client OS and applications) for each user is consolidated into and operated by the server
Acquisition of External Certification
Tokio Marine Group has acquired external certification for information security that includes the Privacy Mark and Information Security Management System (ISMS) certifications. These achievements recognize the initiatives taken within the Group to protect personal information. The Group intends to make continuous improvements and to strengthen further its information security management structure.
Status of acquiring external certifications related to information security
| Group Member Company | Certification Month and Year | Certification Acquired |
|---|---|---|
| Tokio Marine & Nichido Communications | March 2006 | ISMS |
| Tokio Marine & Nichido Systems | August 2006 | |
| Tokio Marine & Nichido Risk Consulting | June 2007 | Privacy Mark |
| Tokio Marine & Nichido Medical Service (Health Promotion Dept.) | | |
Third-party certification system on operational management of IT services (ISO/IEC 20000)
Protection of Personal Information
The Tokio Marine Group (the “Group”) is committed to the continuous enhancement of corporate value, with customer trust at the foundation of all its activities. Guided by this corporate philosophy, we, the Group, shall comply with the Act on the Protection of Personal Information, Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure and other relevant laws, rules, regulations and guidelines, appropriately manage personal information, as well as individual number and specific personal information (hereinafter referred to as “Specific Personal Information, etc.”) as described below, and implement other appropriate security measures for the protection of personal information of our customers.
- We shall acquire personal information and Specific Personal Information, etc. of our customers in a manner that is both legal and fair. Unless prescribed by law, rule or regulation, we shall notify or publicize the purposes for using personal information and Specific Personal Information, etc. of our customers and shall use such information within these limits.
- Unless prescribed by law, rule or regulation, we shall not provide personal information of our customers to third parties without prior consent of each such customer. We do not provide Specific Personal Information, etc. to third parties except in cases provided by law. There shall be no joint use of Specific Personal Information, etc. with Group companies and business partners.
- We shall strive to prevent the divulgence, destruction, impairment and unauthorized access of personal information and Specific Personal Information, etc. of our customers. When we contract out the management of personal information and Specific Personal Information, etc. of our customers to an outside service provider, we shall supervise the service provider appropriately, as needed.
- Whenever we receive requests from our customers to view or update their personal data and Specific Personal Information, etc. that we hold, we shall respond promptly in accordance with laws, rules and regulations. We also welcome comments and questions regarding the management of personal information and Specific Personal Information, etc. of our customers.
- We shall provide thorough supervision, instructions and education to our employees who handle personal information and Specific Personal Information, etc. of our customers to ensure that such information is managed appropriately.
- We shall continue to revise and aim to improve our internal systems and procedures to protect the personal information of our customers.
- Adopted on February 7, 2005
- Revised on July 1, 2008
- Revised on October 5, 2015