オプティマ・ソリューションズ List of Products and Services

This time's "Easy-to-Understand Security Glossary" is "Personal Information Handling Business Operators." Personal information handling business operators are a concept defined by the Personal Information Protection Law, and in practice, it includes almost all companies, organizations, and individuals. Personal information handling business operators have various obligations stipulated by the Personal Information Protection Law, such as "must safely manage personal data and supervise employees and contractors" and "must not provide personal data to third parties without obtaining the individual's consent." If they violate these obligations, they will face penalties. *For detailed content of the article, you can view it in the PDF. For more information, please feel free to contact us.

• Other security

This time, the "Easy-to-Understand Security Terminology" is about the definition of "personal information." All information related to an individual is considered "personal information." Therefore, not only "video recorded by security cameras" and "email addresses," but also publicly available information such as "official gazettes," "telephone directories," and "staff directories" falls under personal information. In other words, there is much more information that qualifies as "personal information" than one might imagine. *For detailed content of the article, you can view it in the PDF. Please feel free to contact us for more information.

• Other security

This time's "Easy-to-Understand Security Glossary" is about "Rights Related to Personal Information." Regarding these "Rights Related to Personal Information," there is a provision in "JIS Q 15001" titled "3.4.4.1 Rights Related to Personal Information." In simple terms, it states that "when the owner of personal information requests the disclosure, correction, addition, deletion, suspension of use, or provision of their personal information, the business handling that personal information must respond without delay." *For detailed content of the article, you can view it in the PDF. Please feel free to contact us for more information.*

• Other security

Did you know that over 50,000 companies worldwide have obtained ISMS certification? In Japan, more than 8,000 certifications have been acquired. Considering that the number of certified companies was about 140 in 2002, it is evident that there has been a significant increase over the past 20 years. "Why are so many companies obtaining ISMS certification?" "Does my company also need ISMS?" To address these questions, this article will resolve concerns regarding Information Security Management Systems (ISMS) from the perspective of professional consultants. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.*

• ISO-related consultant

This time, we will discuss "safety management measures" under the Personal Information Protection Act. The Ministry of Economy, Trade and Industry has published guidelines regarding the "Law on the Protection of Personal Information" aimed at the economic and industrial sectors. In the latest revision, the strengthening of safety management measures has become a key point in response to a large-scale leak of personal information from a major correspondence education company. Let’s take a look at what these "safety management measures" are. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.*

• ISO-related consultant

Personal information is often referred to as such, but what is the official definition? How far does it extend? In this article, we will specifically introduce what "personal information" means in the context of the P Mark and discuss the extent of what constitutes personal information. The Personal Information Protection Law limits it to "living individuals," but JIS Q 15001: 2006 (Personal Information Protection Management System - Requirements) includes a definition that also encompasses "information about deceased individuals." *For more detailed content of the article, you can view it in the PDF. Please feel free to contact us for more information.

• ISO-related consultant

This time, the "Easy-to-Understand Security Terminology" is "Supervision of Outsourcing Partners." Incidents of personal information leaks continue to occur. It seems that not only are there cases where the operations of companies holding personal information are problematic, but there are also many incidents of leaks from outsourced companies. Currently, many companies are increasing their opportunities to conduct business not only with their own company but also with group companies and partner companies. In the past business practices, when there was a problem with an outsourcing partner, it was mostly the case that the responsibility fell on the outsourcing partner. *For detailed content of the article, please refer to the PDF. For more information, feel free to contact us.

• ISO-related consultant

This time's "Easy-to-Understand Security Glossary" is "Clear Desk/Clear Screen." As a fundamental aspect of the information security measures established by companies, there are "Clear Desk" and "Clear Screen." A Clear Desk means "not leaving documents or storage media on the desk when stepping away." Literally, it is about cultivating the habit of ensuring that personal information or confidential documents, such as papers or USB drives containing sensitive information, are not left on one's desk when leaving for home or going out. *For more detailed information, you can view the PDF. Please feel free to contact us for more details.

• ISO-related consultant

In recent years, the damage caused by ransomware has been increasing both domestically and internationally. The targets of these attacks are not only large corporations but also widely extend to small and medium-sized enterprises. However, it is also true that small and medium-sized enterprises tend to have insufficient security measures. Therefore, in this article, we will explain the following points: - An overview of ransomware - What symptoms appear if infected - What to do first if infected - What not to do if infected *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.

• ISO-related consultant

In recent years, we have increasingly heard about the damage caused by ransomware. Many people still believe that cyberattacks primarily target large corporations, but data shows that more than half of the victims of ransomware are actually small and medium-sized enterprises. Therefore, this article will explain the following points: - What is ransomware? - Why are small and medium-sized enterprises also targeted? - What are the infection routes of ransomware? - How can we take measures against it? *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• ISO-related consultant

The protection of personal information has become an important theme in modern society. In this context, the "Privacy Mark" has become a significant indicator of the assurance provided by companies and organizations that handle personal information appropriately. This article will explain the Privacy Mark by answering the questions of beginners. We will provide detailed explanations about the benefits of obtaining the Privacy Mark, the acquisition process, costs, and more. *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.

• ISO-related consultant

Do you know the benefits of obtaining a Privacy Mark (P Mark) at a web production company? This article explains the advantages of acquiring a P Mark and the personal information held, and also considers the points to keep in mind when a web production company obtains a P Mark. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.*

• ISO-related consultant

"How do I apply for renewal after obtaining the P Mark?" I believe many people have this question. In this article, I will explain how to proceed with the P Mark renewal application, the necessary documents, and the costs involved. By reading this article, you will understand how to apply for both the initial acquisition and the renewal of the P Mark. Please use this information to assist you in progressing with your P Mark renewal application. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• ISO-related consultant

With the improvement of communication environments and the emergence of various tools and services, we have entered an era where we can choose a flexible way of working that is not constrained by time or location. Confidential information necessary for business can be easily accessed using cloud services, even when not in the office. However, the more convenient things become, the more likely it is that information assets will be targeted. Since attackers are constantly updating their methods, if you think, "We have security measures in place, so we are fine," you might find yourself a victim before you know it. In this article, I would like to explain in detail one of the attack methods targeting such information assets: targeted attacks. *For more detailed information, please refer to the attached PDF document. If you have any questions, feel free to contact us.*

• ISO-related consultant

Do you want to know more about the "internal audit for personal information protection," which is a necessary action to obtain the Privacy Mark (P Mark)? - Why is it necessary to conduct an internal audit for personal information protection in the first place? - I want to know the details of the internal audit for personal information protection. - What actions should be taken after conducting the internal audit for personal information protection? This article will introduce the purpose, implementation methods, and actual flow of the internal audit for those in charge who have such questions. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• ISO-related consultant

One of the methods of cyber attacks that has been increasing in recent years is "targeted attack emails." In the past, government agencies and large corporations were the primary targets, but recently, small and medium-sized enterprises have also become targets. This means that it is not unusual for anyone to become a victim at any time. In this article, we will introduce "targeted attack emails," focusing on key points to keep in mind to prevent your valuable information assets from being stolen. *For more detailed information, please refer to the attached PDF document. Feel free to contact us for further inquiries.*

• ISO-related consultant

- I want to know who should be appointed as the person responsible for personal information protection audits. - I want to know specifically what needs to be checked. I believe many people in charge have such concerns. In this article, we will explain who can be appointed as the person responsible for personal information protection audits and the specific checklist items (business contents) that need to be addressed. For information system personnel considering obtaining a Privacy Mark (P Mark), I hope this article will serve as a reference to correctly select the "person responsible for personal information protection audits" and prepare a manual for conducting internal audits. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• ISO-related consultant

Do you know about the system "ISMS" that manages company information? Currently, it has become essential for companies to implement information security measures. By establishing a framework for proper information management, companies can protect themselves from risks such as information leaks. ISMS is well-known as a certification related to information security. Since it is based on international standards, it becomes easier to gain trust from business partners. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• ISO-related consultant

If you are considering expanding your business overseas in the future, you may be wondering what the status of the Privacy Mark (P Mark) obtained in Japan would be. There are cases where personal information is sent overseas, such as when there are branches or group companies abroad, or when personal information is transmitted to cloud services based overseas. Even if you are doing business in Japan, the instances of sending personal information overseas are more common than you might think. Therefore, this time, I would like to introduce the criteria and key points regarding the "overseas transfer of personal information." *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.*

• ISO-related consultant

For companies that handle personal information, establishing trust in the protection of personal information is very important. Therefore, we recommend obtaining the P Mark, which allows your company to widely promote that it handles personal information safely. Some government agencies and local governments have made P Mark certification a condition for participating in bids, and it is expected that this trend will continue in the future. This time, we would like to discuss the costs involved for those aiming to obtain the P Mark for the first time, from the perspective of an active consultant. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.*

• ISO-related consultant

Are you creating a checklist for the internal audit of the Privacy Mark (P Mark)? The items to check during the internal audit of the P Mark are diverse, and you can increase the number of items as much as you want. Therefore, it often becomes a complicated task, and you may be looking for a reference checklist. To assist you in building a checklist for the internal audit of the P Mark, this article will summarize the necessary information for the P Mark internal audit. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.*

• ISO-related consultant

Are you aware that the Privacy Mark (P Mark), which every business operator has likely heard of at least once, is gaining attention? - How should you operate once you launch an e-commerce site? - Is obtaining a P Mark necessary for an e-commerce business? With the rise of D2C businesses, the number of e-commerce site operators is increasing, and competition in the e-commerce sector is becoming fiercer each year. Many people in charge may be facing concerns like those mentioned above. Therefore, this time, we will explain the importance of obtaining a P Mark for the operation after launching an e-commerce site. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.*

• ISO-related consultant

- I want to obtain the Privacy Mark (P Mark), but I don't know what requirements I need to meet. - Many information system personnel are likely concerned about the new examination standards for the P Mark due to the amendments to personal information regulations. In this article, we will explain the significantly revised examination standards for the P Mark that were implemented with the enforcement of the amended Personal Information Protection Law on April 1, 2022. For those considering obtaining the P Mark, I hope you will learn "what standards need to be met for the P Mark application" and use this as a reference for creating your regulations. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• ISO-related consultant

Regarding the handling of business cards in companies that have obtained the Privacy Mark (P Mark), do you have any questions such as the following? - What is the proper way to handle business cards according to P Mark regulations? - What points should be noted when exchanging business cards? - Is it acceptable for P Mark certified companies to use business card management tools or services? - How should one select a business card management tool? Business cards are a tool for exchanging important information in the business field, and they contain personal information. Companies that have obtained the P Mark are required to manage business cards with strict oversight. This article will explain in detail the points and precautions for P Mark certified companies to handle business cards appropriately, as well as considerations when introducing business card management tools. *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.*

• Other services

Do you know the proper way to set and handle passwords? Many people might think, "Honestly, setting a password is a hassle." From a security perspective, some may have experienced being rejected because "the entered password is already in use" or "it has become too simple a string." This time, from a security standpoint, we will introduce recommended methods for setting realistic passwords that are suitable for companies with P Mark certification, as well as how to manage multiple passwords. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• Other services

I have become the person in charge of obtaining the Privacy Mark (P Mark), but I have no idea what to do or how to proceed. I am looking for a consulting company that can assist with obtaining the P Mark, but I don't know what kind of company to hire. I believe many people share similar concerns. In this article, I will explain how to choose a consulting company that can provide suitable support for your company as you aim to obtain the P Mark. If you are a person in charge of seeking support for obtaining the P Mark, please refer to this article to determine which consulting company would be the best fit for your company. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• Other services

For companies that have obtained the Privacy Mark (P Mark), there is a question of whether "remote work is possible." In this article, we will address the following points for those who: - Do not know if companies with a P Mark can implement remote work - Do not understand the steps to take before starting remote work - Are curious about how the P Mark assessment will be affected if remote work is implemented We will introduce the procedures for companies with a P Mark to engage in remote work and discuss the assessment process. *For detailed content, please refer to the attached PDF document. Feel free to contact us for more information.*

• Other services

The definition of what constitutes personal information is clearly established by laws and JIS standards, but I think it might be surprisingly unknown to many people. In this article, I will explain in detail what "personal information" means in the context of the P Mark. Additionally, I will provide specific examples of personal information, using telecommunications and healthcare as examples to clarify what qualifies as personal information. I hope this will be helpful for your company's efforts in protecting personal information. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• Other services

Do you know the requirements for internal audit personnel? In ISMS, it is necessary to conduct internal audits to check that the rules are being properly implemented. However, there are conditions to become a responsible person, so not just anyone can take on this role. In this article, we will explain: - The flow of internal audits - The requirements for those in charge of internal audits - The responsibilities of internal audit personnel *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• ISO-related consultant

There are various certification systems related to information security, but most of them were established before cloud services became widely adopted. As a result, they did not adequately cover the security risks specific to cloud services. Cloud services offer the advantage of reduced initial implementation costs and the ability to access information from different locations and devices as long as there is an internet connection. However, they also come with risks such as information leakage and unauthorized use of accounts by third parties. To address such risks, a new method has emerged to demonstrate that an appropriate information management system is in place: cloud security certification. *For more detailed information, please refer to the attached PDF document. If you have any questions, feel free to contact us.*

• ISO-related consultant

When promoting ISMS certification on business cards, it is important to pay attention to accurate display and usage. In this article, we will clearly explain three points to consider regarding the display of ISMS certification on business cards, as well as four marketing considerations, making it easy for beginners to understand. By understanding the correct usage of the ISMS certification mark and the key points for its display, you will be able to utilize it for "trustworthiness appeal" in printed materials such as business cards and websites. *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.

• ISO-related consultant

Are you familiar with the "Supplier Management" item in ISMS? This "supplier" refers to "external contractors." Even if our company's security is perfect, if the security of the contractors is weak, our company, which entrusts information, will also suffer damage. Therefore, it is now important to have "Supplier Management (Contractor Management)" to protect the company's information assets. In this article, we will explain what contractor management is and what the process looks like for those who: - Do not understand what contractor management is - Want to know about the flow of contractor management *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• ISO-related consultant

The main purpose of utilizing the ISMS certification support service is to efficiently and accurately obtain certification for the Information Security Management System (ISMS). I would like to introduce the benefits of using the ISMS certification support service for companies to obtain certification for the international standard for information security, ISO 27001. *For detailed information, please refer to the attached PDF document. For more details, feel free to contact us.*

• ISO-related consultant

It is said that obtaining ISMS (ISO 27001) typically takes about one and a half to two years, and there are cases where it has taken several years, leading some to ultimately give up on obtaining it. Why is it so difficult to obtain? In this article, we will explain the challenges associated with obtaining ISMS (ISO 27001) within the process of acquisition. *For detailed information, please refer to the attached PDF document. Feel free to contact us for more details.*

• ISO-related consultant

I believe many responsible individuals want to establish an ISMS as soon as possible, so this article will introduce the process and duration of obtaining ISMS certification. Acquiring an ISMS (Information Security Management System) is important for strengthening an organization's information security, but for those who are tackling it for the first time, it can be challenging to estimate the timeline. This article will explain the points where beginners often stumble. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.*

• ISO-related consultant

With the expansion of business operations, many may feel that the increase in internal information systems and networks has heightened the risks of information leaks and cyberattacks. One of the challenges is that sufficient awareness of information security may not be well established within the company, and you might be in the process of gathering information to obtain certifications related to information security. In this article, we will introduce five key preparations necessary to acquire the international standard for information security, ISMS (ISO 27001), focusing on five main points. We hope that by understanding the aspects to be careful about in the construction and operation of ISMS, you can use this information to prepare for strengthening your company's information security. *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.*

• ISO-related consultant

ISMS is a framework built based on the international standard for information security, ISO/IEC 27001, which defines the processes and procedures for organizations to properly manage and protect their information assets. When we hear about information security, it may seem like a topic limited to certain industries, but companies from various sectors are obtaining it. So, which industries are actually paying attention to it, and what is the process for obtaining it? From the perspective of a professional who has seen many different workplaces, I will explain it in an easy-to-understand manner. *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.*

• ISO-related consultant

In recent years, the types of information handled by companies have diversified. As a result, the number of companies aiming to obtain ISMS certification, which demonstrates proper information handling, continues to increase. This time, we will introduce the types of assessments involved and the general process leading to certification for those considering obtaining ISMS. *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.*

• ISO-related consultant

We are responsible for maintaining the security of Japanese society, ensuring that security and personal information are not leaked or infringed upon, much like the Shinsengumi, while protecting the peace of companies and business owners through the acquisition of P Mark and ISMS certification. We aim for a society where everyone can live with peace of mind and focus on their original work. So far, we have facilitated over 2,000 certifications for companies ranging from large corporations to small and medium-sized enterprises. Did you know that over 50,000 companies worldwide have obtained ISMS certification? In Japan, more than 7,000 certifications have been acquired. *For detailed information, please refer to the attached PDF document. For more details, feel free to contact us.

• ISO-related consultant

ISMS stands for "Information Security Management System." It refers to the efforts made by an organization to strengthen its information security. By implementing ISMS as an organization, it is possible to raise the overall level of information security, protect important information, mitigate risks such as information leaks, and gain trust from customers and business partners. The international standard related to ISMS is ISO27001, and a third-party certification system based on this ISO27001 is operated in various countries. This certification system is referred to as "ISMS certification," or simply "ISMS" for short. By undergoing an audit from an external auditing body and obtaining proof that the organization meets the requirements of ISO27001, it can promote its commitment to ISMS externally. *For more detailed information, please refer to the attached PDF document. For further inquiries, feel free to contact us.

• ISO-related consultant

ISMS (Information Security Management System) translates to "Information Security Management System" in Japanese. This refers to the management framework for properly protecting important information held by companies. In recent years, issues such as information leaks have been increasingly highlighted, and it is understood that many of these are due to human errors. Corporate information assets come in various forms, and the risks associated with each vary in size. Therefore, ISMS exists as a framework to evaluate information security risks and implement appropriate measures for each, allowing organizations to manage important information properly and continuously improve. *For more detailed information, please refer to the attached PDF document. Feel free to contact us for further inquiries.*

• ISO-related consultant

As you start considering obtaining ISMS certification and begin researching surrounding information, you may come across a certification body called "ISMS-AC." It is known that in order to obtain ISMS certification, it is necessary to receive audit services from a certification body, but many people may not have a good understanding of this ISMS certification body. Therefore, in this article, we will explain: - About ISMS-AC - The certification bodies accredited by ISMS-AC and other certification bodies - The differences from JIPDEC *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.*

• ISO-related consultant

By obtaining ISMS (ISO 27001), you can secure information security, enhance reliability, strengthen risk management, and avoid damages caused by information leaks, leading to various benefits such as cost reduction. Of course, there are not only benefits but also drawbacks. In this article, we will explain in detail three advantages and three disadvantages of obtaining ISMS (ISO 27001). We hope that by reading this article, you will gain knowledge about the construction and operation of ISMS and that it will assist you in preparing to strengthen your company's information security. *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.*

• ISO-related consultant

Are you outsourcing part or all of your operations that involve personal information? To obtain the P Mark (Privacy Mark), it is crucial to conduct an "audit of the outsourcing partner handling personal information." In this article, we will provide detailed explanations on: - What types of outsourcing partners handle personal information - How to evaluate outsourcing partners - How to supervise outsourcing partners - What kind of "memorandum" should be established with outsourcing partners *You can view the detailed content of the article in the attached PDF document. For more information, please feel free to contact us.

• Other security

Companies that have obtained the P Mark are obligated to conduct employee training at least once a year to ensure that their employees can appropriately handle personal information held by the company. In consultations with our company, which has supported over 3,000 companies in obtaining P Mark and ISMS certification, the most common concerns are: "How much should we teach in employee training?" "How should we create tests related to personal information?" "What is the difference between P Mark education and ISMS education?" In this article, we will explain the four necessary training contents for the P Mark, the flow of employee training for the operation and implementation of the P Mark, and the differences between P Mark education and ISMS education. *For detailed content of the article, please refer to the attached PDF document. For more information, feel free to contact us.

• Other security