オプティマ・ソリューションズ List of Products and Services

"When is the expiration date for the Privacy Mark (P Mark)?" "How can I renew the P Mark, and what documents are needed?" "What should I do if the expiration date of the P Mark has passed?" The P Mark (Privacy Mark) is a symbol of trust for companies and organizations that properly manage personal information. However, obtaining it is not the end; regular renewal is necessary. This article will provide detailed explanations about the expiration date of the P Mark, renewal methods, required documents, and how to respond in case of expiration. *For more detailed information, please refer to the attached PDF document. Feel free to contact us for further inquiries.*

• others

When using a computer or smartphone, there are times when the behavior suddenly becomes strange or an error occurs. One of the causes of this is malware infection. In fact, there may be people who have experienced being infected with malware. In this article, we will provide a detailed introduction to the symptoms, countermeasures, and prevention methods for malware infections. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.*

• others

We have compiled a list of frequently asked questions!

• ISO-related consultant

News about the leakage of personal data managed by companies is reported almost daily. Many of you may have heard about it frequently. There seems to be an increasing impression of the rising danger year by year, and there are likely many people who feel anxious about it. When personal data, such as customer information, is leaked to the outside, various damages can occur not only to the companies managing the data but also to the individuals whose data has been leaked. In this article, we will focus on the types of damages that occur when personal information is leaked, as well as provide an overview of personal data leaks, how to respond when a leak occurs, and preventive measures. *For detailed content of the column, please refer to the PDF. For more information, feel free to contact us.*

• Other security

"How do I apply for renewal after obtaining the P Mark?" I believe many people have this question. In this article, I will explain how to proceed with the P Mark renewal application, the necessary documents, and the costs involved. By reading this article, you should be able to understand how to obtain the P Mark for the first time and how to apply for renewal. I hope this will be helpful as you proceed with your P Mark renewal application. *For detailed content of the column, you can view it in PDF format. Please feel free to contact us for more information.*

• Other security

Are you familiar with the system "ISMS" that manages company information? Currently, it has become essential for companies to implement information security measures. By establishing a system to manage information appropriately, companies can protect themselves from risks such as information leaks. ISMS is well-known as a certification related to information security. Since it is based on international standards, it becomes easier to gain trust from business partners. In this article, we will explain what ISMS is and what benefits it offers for those who have questions about it. *For detailed content of the column, please refer to the PDF. For more information, feel free to contact us.*

• Other security

With the expansion of business operations, many may feel that the increase in internal information systems and networks has heightened the security risks of information leakage and cyber attacks. One of the challenges is that sufficient awareness of information security has not permeated the organization, and you may be in the process of gathering information to obtain certifications related to information security. In this article, we will introduce five key preparations necessary to acquire the international standard for information security, ISMS (ISO 27001), focusing on five main points. *For detailed content of the column, please refer to the PDF. For more information, feel free to contact us.*

• Other security

The spread of telework, the globalization of business, and the acceleration of DX (digital transformation) have made strengthening cybersecurity an urgent task for many companies. Some may think, "Our company has security software, so we are fine." However, do you truly understand what threats that software can address and what measures are actually being implemented? Ad-hoc measures such as "It seems to have a good reputation" or "We implemented it just to be safe" will not protect the organization when faced with a cyberattack. This article will clearly explain the basics of cybersecurity. *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant

The improvement of communication environments and the emergence of various tools and services have led to an era where one can choose a flexible working style that is not constrained by time or location. Confidential information necessary for business can also be easily accessed without being in the office by utilizing cloud services. However, it is also true that the more convenient things become, the more likely information assets are to be targeted. In this article, I would like to provide a detailed explanation of one such attack method that targets information assets: spear phishing attacks. *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant

One of the methods of cyber attacks that has been increasing in recent years is "targeted attack emails." In the past, government agencies and large corporations were the primary targets, but recently, small and medium-sized enterprises have also become targets. This means that it is not unusual for anyone to become a victim at any time. In this article, we will introduce "targeted attack emails," focusing on key points you should know to prevent your valuable information assets from being stolen. *For more detailed information, please refer to the PDF. Feel free to contact us for further inquiries.*

• Personal authentication
• ISO-related consultant

Business cards are one of the important tools for information exchange in the business field. However, since they contain personal information, companies that have obtained the Privacy Mark (P Mark) are required to implement strict management. In this article, we would like to explain the key points of business card management that companies with the P Mark should keep in mind, while addressing common questions. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.*

• Personal authentication

Do you know the proper way to set and handle passwords? Many people might think, "Honestly, setting a password is a hassle." From a security perspective, some may have experienced being rejected because "the entered password is already in use" or "the string is too simple." This time, from a security standpoint, we will introduce recommended methods for setting realistic passwords suitable for companies that have obtained the P mark, as well as management methods for multiple passwords. *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.

• Personal authentication

Companies that have obtained the P Mark have a responsibility to conduct employee training at least once a year to ensure that their employees can appropriately handle the personal information held by the company. In our consultations, where we have supported over 3,000 companies in obtaining P Mark and ISMS certification, the most common concerns are: "How much should we teach in employee training?" "How should we create tests related to personal information?" "What is the difference between P Mark education and ISMS education?" In this article, we will explain the four necessary educational contents for the P Mark, the flow of employee training for the operation and implementation of the P Mark, and the differences between P Mark education and ISMS education. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.

• Personal authentication

This article explains the "confirmation of operations" in obtaining and maintaining the Privacy Mark (P Mark). In particular, it is aimed at those who want to understand the significance and methods of "confirmation of operations," how to address issues when they are discovered, and the differences from internal audits. *For detailed content of the article, you can view it in PDF format. Please feel free to contact us for more information.

• Personal authentication

Traditional security measures were based on the premise that important information and those who access it exist within the company. However, in recent years, the increase in the use of cloud services and telecommuting has led to information assets existing both in the cloud and on devices, making it no longer sufficient to strengthen security measures only within the company. This time, I would like to provide a more detailed introduction to the essential information security policies necessary to protect the company from various risks, aimed at those seeking to obtain ISMS (ISO 27001) certification. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.*

• ISO-related consultant

As you start considering obtaining ISMS certification and begin to research surrounding information, you may come across a certification body called "ISMS-AC." It is well known that in order to obtain ISMS certification, it is necessary to receive audit services from a certification body, but many people may not have a good understanding of this ISMS certification body. Therefore, in this article, we will explain: - About ISMS-AC - Certification bodies accredited by ISMS-AC and other certification bodies - Differences from JIPDEC *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant

This time's "Easy-to-Understand Security Glossary" is "Personal Information Protection Management System (abbreviated as: PMS)." Regarding the Personal Information Protection Management System, the standard to which the Privacy Mark conforms defines it as follows: The Personal Information Protection Management System is a management system that includes policies, structures, plans, implementation, audits, and reviews for the protection of personal information used by businesses in their operations (from JIS Q 15001). *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.

• Personal authentication

Many people recognize malware, a type of cyber attack, as a threat to be cautious about. However, there are cases where the difference between malware and viruses is unclear, or where individuals cannot envision what specific measures should be taken within a company. Therefore, this article will explain: - An overview of malware and its types - How infections occur - Measures to prevent malware infections *The detailed content of the article can be viewed in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant

Have you ever heard the term "E-Learning"? Some of you may have heard of it but might not fully understand what it means, so let me explain briefly. E-Learning refers to a method of education and learning that utilizes electronic technology. Since it allows for learning without being restricted by time or place, it is widely used not only in educational services such as universities, cram schools, and certification courses, but also in corporate training programs. In this article, I would like to explain the benefits of conducting regular training and internal training for P Mark/ISMS through E-Learning. *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant
• Distance learning/E-learning

The main purpose of utilizing the ISMS certification support service is to efficiently and accurately obtain certification for the Information Security Management System (ISMS). I would like to introduce the benefits of using the ISMS certification support service for companies seeking to obtain certification for the international standard for information security, ISO 27001, as well as the cost estimates that may be of interest. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.*

• ISO-related consultant

Obtaining ISMS certification is not as simple as just gathering the necessary documents and applying; it requires undergoing an examination by a certification body. In this article, we will address the following questions for those considering obtaining ISMS: - I want to know about the ISMS examination. - I don't understand the examination process or key points. - What should I do if I become non-compliant? We will explain the flow of the ISMS examination and how to respond in the event of non-compliance. *For detailed content of the article, you can view it in PDF format. Please feel free to contact us for more information.*

• ISO-related consultant

Do you all know about the "Trojan Horse"? It is said to have first appeared in 1975, and as the internet became widely popular, it spread as malware that causes damage to computers. It is such a well-known piece of malware that even those without specialized security knowledge may have heard its name at least once. Even nearly 50 years after its initial appearance, the Trojan Horse continues to cause damage. This time, we will clearly introduce its attack methods and effective countermeasures. *You can view the detailed content of the article in the PDF. Please feel free to contact us for more information.

• ISO-related consultant

Do you know the requirements for internal audit personnel? In ISMS, it is necessary to conduct internal audits to check that the rules are being properly implemented. However, there are specific requirements to become a responsible person, so not just anyone can take on this role. In this article, we will explain: - The flow of internal audits - The requirements for those in charge of internal audits - The responsibilities of internal audit personnel *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant

For companies considering obtaining a Privacy Mark (P Mark), many may be concerned about the formulation of a privacy policy. In this article, we will explain the privacy policy, focusing on its relationship with the P Mark, for those who want to know: - What is a privacy policy? - Is there a difference between a privacy policy and a personal information protection policy? - How to create a privacy policy? *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.*

• Other security

Do you know about the requirements of the system for properly managing organizational information, ISMS? Even if you want to obtain ISMS, some people might give up because they think, "I don't know how to obtain it" or "It seems difficult." In this article, we will explain the requirements of ISMS and how to obtain it for those who: - Want to know about the requirements of ISMS - Don't know what to do to obtain ISMS - Are wondering what ISMS actually is *You can view the detailed content of the article in the PDF. Please feel free to contact us for more information.

• ISO-related consultant

ISMS is a framework built based on the international standard for information security, ISO/IEC 27001, which defines the processes and procedures for organizations to properly manage and protect their information assets. When we hear about information security, it may seem like a topic limited to certain industries, but the types of industries that obtain certification are diverse. So, which industries are actually paying attention to this, and what is the process for obtaining certification? From the perspective of a professional who has seen many different workplaces, I will explain it in an easy-to-understand manner. *For detailed content of the article, you can view it in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant

One of the benefits of obtaining ISMS certification is the ability to use the ISMS (ISO 27001) certification mark. There may be those who want to understand the conditions and points of caution regarding the use of the ISMS (ISO 27001) certification mark, commonly referred to as the logo mark. Therefore, in this article, we will explain: - What the ISMS certification mark (logo mark) is - The conditions for using the ISMS certification mark (logo mark) - Points of caution when using the ISMS certification mark (logo mark) *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.

• ISO-related consultant

This time, the "Easy-to-Understand Security Terminology" is "Sensitive Personal Information." Sensitive personal information refers to personal information defined by the Personal Information Protection Act, which requires special consideration in its handling to prevent unfair discrimination, prejudice, or other disadvantages from arising. In the event of a leak or misuse, it can cause significant disadvantages to the individual. Therefore, restrictions are placed on its acquisition and use. Additionally, even when acquiring such information, it is necessary to obtain the individual's consent thoroughly and implement strict safety management measures, requiring more consideration than ordinary personal information. *For detailed content of the article, you can view it in PDF format. Please feel free to contact us for more information.*

• Personal authentication

This time's "Easy-to-Understand Security Glossary" is about the "Personal Information Protection Management System (abbreviated as PMS)." The Personal Information Protection Management System (PMS) refers to a series of mechanisms that companies and organizations use to protect personal information. It involves formulating a "Personal Information Protection Policy" on how to safeguard personal information, and through the PDCA cycle, it establishes a system for continuously improving the management of personal information in accordance with that policy. *For detailed content of the article, you can view it in the PDF. Please feel free to contact us for more information.

• Personal authentication

This time's "Easy-to-Understand Security Glossary" is about "The Purpose of Using Personal Information." In the Personal Information Protection Act, "personal information" refers to information related to a living individual that can identify a specific person through details such as name, date of birth, address, and facial photographs. Many pieces of information alone cannot identify an individual, but the likelihood of identifying a specific person increases when combined with other information. For this reason, the Personal Information Protection Act requires the broad protection of information that can identify individuals. *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.*

• Personal authentication

This time's "Easy-to-Understand Security Glossary" is "My Number." Since October 2015, a 12-digit unique number has been assigned to each individual. This is commonly known as "My Number." Formally, it is referred to as "Personal Number." This My Number is used for administrative procedures related to social security, taxation, and disaster response. Therefore, it is a system that also pertains to all companies that employ staff. *For more detailed information, you can view the PDF. Please feel free to contact us for more details.

• Personal authentication

This time, the "Easy-to-Understand Security Glossary" is about the "My Number Card." Since January 2016, it has become necessary to enter your My Number (individual number) when carrying out tax and social security procedures. This individual number is listed on the "Notification Card," which is sent by simple registered mail. There may still be some people who have not yet received their Notification Card, but those individuals should contact their local government immediately. In the future, the My Number will be required in various situations, so once the Notification Card arrives, be sure to keep it safe. *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.

• Personal authentication

Have you ever heard the term "social engineering"? Some of you may be hearing it for the first time, or you may have heard it before but don't quite understand its meaning. This time, I would like to explain social engineering from various angles in a way that is easy to understand for those who may be unfamiliar with it. *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant

This time's "Easy-to-Understand Security Glossary" is from the Japan Institute for Promotion of Digital Economy and Community (JIPDEC). When studying the Privacy Mark, you will come across terms such as "Japan Institute for Promotion of Digital Economy and Community" and "JIPDEC." This time, I would like to explain about the Japan Institute for Promotion of Digital Economy and Community (JIPDEC). The Japan Institute for Promotion of Digital Economy and Community is one of the general incorporated foundations. In English, it is referred to as "Japan Institute for Promotion of Digital Economy and Community" (JIPDEC). *For detailed content of the article, you can view it in the PDF. Please feel free to contact us for more information.

• ISO-related consultant

This time's "Easy-to-Understand Security Glossary" is "Chief Privacy Officer (CPO)." Recently, there have been increasing cases of hearing positions such as CEO, COO, and CFO. CEO stands for Chief Executive Officer, which is the highest executive officer. Since this person holds all responsibility for the management of the company, it is usually safe to think of them as the chairman or president. COO stands for Chief Operating Officer, which is the highest operating officer, and CFO stands for Chief Financial Officer, which is the highest financial officer. While such positions have been established in foreign companies for some time, there is an increasing trend of Japanese companies adopting CxO titles. *For more detailed information, you can view the PDF. Please feel free to contact us for more details.

• ISO-related consultant

ISMS certification is a system in which the Japan Information Economy Society Promotion Association (abbreviated as JIPDEC) certifies businesses that have internally established an information security framework based on the information security standard "ISO 27001" and appropriately handle information security, allowing them to use the ISMS mark. The official name is "ISMS Conformity Assessment System." It is often referred to as "ISO 27001" using the standard name. "ISMS certification" and "ISO 27001" refer to the same system. For businesses obtaining ISMS certification, undergoing third-party checks regarding the handling of information security and the information security framework increases credibility from an external perspective, providing the advantage of being able to convey a sense of security to customers and business partners. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.

• ISO-related consultant

- I want to know what is involved in the ISMS renewal audit. - I want to know how much it costs for maintenance audits and renewal audits. I believe many information system managers are thinking the same way. In this article, we will explain the contents, procedures, and costs related to ISMS maintenance audits and renewal audits. For those who are considering obtaining ISMS or those who will be undergoing maintenance or renewal audits, please use this article as a reference and prepare for the audit. *You can view the detailed content of the article in the PDF. For more information, please feel free to contact us.

• ISO-related consultant

Our company held a free seminar focused on "International Standard ISO 42001 (AI Management System Certification)" at a venue in front of Shimbashi Station, where our office is located. Regarding ISO 42001 (AIMS), there are many uncertainties as it is a new standard, but our consultant Ubukata, an information security specialist, explained the overview of the standard, the current status of the certification system, and the benefits of engaging with it, based on what is known at this stage. 【Free Seminar Overview *Registration Closed】 ■ Date and Time: April 16, 2025 (Wednesday) 14:30 - 16:45 (Registration starts at 14:00) ■ Location: AP Shimbashi (in front of JR Shimbashi Station) ・ 1-12-9 Shimbashi Place 3F, Minato-ku, Tokyo 105-0004 ■ Cost: Free 【Recommended for those who want to know】 ■ What is ISO 42001 (AIMS certification)? ■ What is the relationship with ISMS (ISO 27001)? ■ Has the auditing started? ■ I want to know what is currently understood. *For more details, please check the link below or feel free to contact us.

• Management Seminar

This time, the "Easy-to-Understand Security Glossary" is about "Physical Security Management Measures." As a review, the "Security Management Measures for Personal Information Protection" consist of four types: "Organizational Security Management Measures," "Human Security Management Measures," "Physical Security Management Measures," and "Technical Security Management Measures." This time, let's explain "Physical Security Management Measures." The "Guidelines for the Protection of Personal Information in the Economic Sector" published by the Ministry of Economy, Trade and Industry defines "Physical Security Management Measures" as "measures for managing access to and from facilities (rooms), preventing the theft of personal data, etc." *For more detailed information, you can view the PDF. Please feel free to contact us for more details.

• ISO-related consultant

This time, the "Easy-to-Understand Security Terminology" is "Organizational Security Management Measures." The "Guidelines for the Economic and Industrial Fields Concerning the Personal Information Protection Law" require the implementation of four security measures: "Organizational Security Management Measures," "Human Security Management Measures," "Physical Security Management Measures," and "Technical Security Measures." From this time onward, I would like to look at each of these security management measures. This time, I would like to explain one of them, "Organizational Security Management Measures." *For detailed content of the article, you can view it in the PDF. For more information, please feel free to contact us.*

• ISO-related consultant

This time's "Easy-to-Understand Security Terminology" is "Provision of Personal Information." First, as a review, personal information includes not only name, gender, date of birth, and address, but also attributes such as an individual's body, property, occupation, and title, as well as information that is publicly available through evaluation information and publications, as well as information conveyed through images/audio. When a personal information handling business operator provides personal information collected to a third party, it is necessary to obtain the consent of the individual. When obtaining the information or when intending to start providing it, it is important to clearly state content that will help the individual's judgment, such as "This personal information will be provided to ●● for the purpose of ●●," and obtain consent. *For detailed content of the article, you can view it in the PDF. For more information, please feel free to contact us.

• ISO-related consultant

This time's "Easy-to-Understand Security Glossary" is about "Consent of the Individual in Handling Personal Information." Article 16 of the Act on the Protection of Personal Information states, "Personal information handling businesses must not handle personal information beyond the scope necessary to achieve the purpose of use specified in the preceding article without obtaining prior consent from the individual." Additionally, Article 23 states, "Personal information handling businesses must not provide personal data to third parties without obtaining prior consent from the individual, except in the following cases." From this, it can be understood that "consent of the individual" is essential when handling personal information. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.

• ISO-related consultant

This time's "Easy-to-Understand Security Glossary" is about the "Privacy Mark System." The Privacy Mark System is a certification system for businesses that handle personal information appropriately, in accordance with the Japanese Industrial Standard "JIS Q 15001:2017 Personal Information Protection Management System - Requirements." In other words, only those companies and organizations that have established and are operating a personal information protection management system, as confirmed by a third party, are allowed to use the Privacy Mark. *For more detailed information, you can view the PDF. Please feel free to contact us for more details.

• ISO-related consultant

This time, the "Easy-to-Understand Security Terminology" is "Human Security Management Measures." In explaining "Security Management Measures," the Ministry of Economy, Trade and Industry guidelines state that it is required to implement four types of security management measures: "Organizational Security Management Measures," "Human Security Management Measures," "Physical Security Management Measures," and "Technical Security Management Measures." This time, we will focus on the second one, Human Security Management Measures. Regarding "Human Security Management Measures," the Ministry of Economy, Trade and Industry guidelines define it as "the conclusion of non-disclosure agreements regarding business secrets and designated personal data with employees, as well as conducting education and training, etc." *For detailed content of the article, you can view it in the PDF. Please feel free to contact us for more information.

• Other security

This time, the "Easy-to-Understand Security Glossary" is about "Technical Security Measures." The guidelines regarding the protection of personal information established by the Personal Information Protection Commission clearly state that companies handling personal information must take security measures to prevent the leakage, loss, or damage of personal data, and these measures are referred to as "safety management measures." There are four types of "safety management measures for personal information protection": "organizational safety management measures," "human safety management measures," "physical safety management measures," and "technical safety management measures." This time, we will explain the last one, "technical safety management measures." *For detailed content of the article, you can view it in the PDF. For more information, please feel free to contact us.

• Other security