MENU

  1. Home
  2. Governance
  3. Information Security

Information Security

The Internal Control Department of Tokio Marine Holdings supervises information security for the entire Group as the controlling department while sections in charge of information security have been established at each Group company. In this manner, the Group is working to build an effective management structure for information security.

Initiatives for Information Security

We thoroughly adhere to information security management rules to prevent information leakages. In particular, each Group company is adopting physical and technological safety-control measures that include locking away customers’ personal information and confidential documents when not in use, placing restrictions on taking documents and other items outside the company, and using encryptions and setting passwords for electronic information.

In fiscal 2010, Tokio Marine & Nichido introduced thin-client* terminals for its in-house intranet. Thin-client terminals are not equipped with hard disks and information is centrally managed and deployed from a server, which thereby further strengthens information security.

  • *
    A method whereby the PC environment (client OS and applications) for each user is consolidated into and operated by the server

Acquisition of External Certification

Tokio Marine Group has acquired external certification for information security that includes the Privacy Mark and Information Security Management System (ISMS) certifications. These achievements recognize the initiatives taken within the Group to protect personal information. The Group intends to make continuous improvements and to strengthen further its information security management structure.

Status of acquiring external certifications related to information security

Group Member Company Certification Month and Year Certification Acquired
Tokio Marine & Nichido Communications March 2006 ISMS
Tokio Marine & Nichido Systems August 2006
December 2006
ISMS ITSMS*
Tokio Marine & Nichido Risk Consulting June 2007 Privacy Mark
Tokio Marine & Nichido Medical Service
(Health Promotion Dept.)
September 2007 ISMS
  • *
    Third-party certification system on operational management of IT services (ISO/IEC 20000)

Protection of Personal Information

In the area of personal information on customers, Tokio Marine Group has formulated and released the Tokio Marine Group Privacy Policy, which clarifies the Group policy for dealing with such information. At the same time, each Group company formulates and releases a policy of its own in accordance with the Privacy Policy.

Privacy Policy

Tokio Marine Group Privacy Policy

The Tokio Marine Group (the “Group”) is committed to the continuous enhancement of corporate value, with customer trust at the foundation of all its activities. Guided by this corporate philosophy, we, the Group, shall comply with the Act on the Protection of Personal Information, Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure and other relevant laws, rules, regulations and guidelines, appropriately manage personal information, as well as individual number and specific personal information (hereinafter referred to as “Specific Personal Information, etc.”) as described below, and implement other appropriate security measures for the protection of personal information of our customers.

  • *
    “Personal information” and “personal data” provided in this Privacy Policy exclude Specific Personal Information, etc.
  1. We shall acquire personal information and Specific Personal Information, etc. of our customers in a manner that is both legal and fair. Unless prescribed by law, rule or regulation, we shall notify or publicize the purposes for using personal information and Specific Personal Information, etc. of our customers and shall use such information within these limits.
  2. Unless prescribed by law, rule or regulation, we shall not provide personal information of our customers to third parties without prior consent of each such customer. We do not provide Specific Personal Information, etc. to third parties except in cases provided by law. There shall be no joint use of Specific Personal Information, etc. with Group companies and business partners.
  3. We shall strive to prevent the divulgence, destruction, impairment and unauthorized access of personal information and Specific Personal Information, etc. of our customers. When we contract out the management of personal information and Specific Personal Information, etc. of our customers to an outside service provider, we shall supervise the service provider appropriately, as needed.
  4. Whenever we receive requests from our customers to view or update their personal data and Specific Personal Information, etc. that we hold, we shall respond promptly in accordance with laws, rules and regulations. We also welcome comments and questions regarding the management of personal information and Specific Personal Information, etc. of our customers.
  5. We shall provide thorough supervision, instructions and education to our employees who handle personal information and Specific Personal Information, etc. of our customers to ensure that such information is managed appropriately.
  6. We shall continue to revise and aim to improve our internal systems and procedures to protect the personal information of our customers.
  • Adopted on February 7, 2005
  • Revised on July 1, 2008
  • Revised on October 5, 2015