Security Policy

Japan MDC, LLC (“JMDC”) is a regulatory consulting firm for Medical Devices. JMDC provides a full range of regulatory support services by utilizing JMDC’s intellectual property based on confidential information disclosed to JMDC by its clients. Although JMDC has consistently implemented business ethics as a professional in its business conduct and has been striving for the establishment of an information management framework, JMDC has recognized the need to expressly reiterate its understanding that information security is one of the most important issues concerning the management and the business operation of JMDC. JMDC therefore establishes a basic policy on information security (the “Information Security Policy”) and will appropriately protect all information assets that JMDC deals with by ensuring that JMDC’s directors, officers and employees abide by the Information Security Policy set out below.

Establishment of Information Security Management System

JMDC ensures that all directors, officers and employees understand the importance of information security. JMDC establishes Information Security Management System to ensure appropriate management of information assets and continuously seeks to improve it.

Information Assets Protection

To appropriately protect information assets of JMDC and JMDC’s clients from threats to confidentiality, integrity and availability of such information assets and to ensure the continuity of JMDC’s business, JMDC formulates appropriate management plans for information assets of JMDC and JMDC’s clients for not only JMDC’s each department and subsidiaries, but also JMDC’s business partners, having regard to their business activities and the form of their business.

Management of Personal Information

JMDC prevents any leak or loss of, and damage to personal information, and implements necessary and appropriate measures to ensure that personal information is securely managed. In the event that incidents such as a leak of personal information occur, JMDC endeavors to minimize the damage by taking prompt action.

Education and Training

JMDC will continuously train and educate its directors, officers and employees to raise their awareness of information security and implement an information security system in all of its business activities.

Incident Response

JMDC implements appropriate measures to prevent incidents relating to information security. In the event that such incidents occur, not only JMDC promptly deals with such incidents, but also takes steps to prevent the recurrence of similar incidents.

Final revision date: 20 May 2008

page top