Corporate website of Orient Corporation

Sustainability

Information Security and Personal Information Protection

Our Approach to Information Security

Our company is committed to the appropriate management of information assets, including our customers' personal information, based on our Information Security Basic Policy. In accordance with our Personal Information Protection Policy, we set out how personal information is used and acquired, how its management is organized, and the methods by which it is handled. We also strive to keep every employee thoroughly informed and to strengthen the proper protection and management of personal information.

Personal Information Protection and Management System

Under the guidance of our Personal Information Management Officer, delegated by our President and Director, we conduct comprehensive control and management of personal information based on relevant laws and internal regulations to ensure its proper handling.

Security Certifications

Our company has obtained the following security certifications:

Certification Name | Certification Department | Year of Certification
Privacy Mark | - | 2006
PCI DSS | Authorization System | 2011
PCI DSS | Web-based Systems | 2013
PCI DSS | Mission Critical Systems | 2018
PCI DSS | Data Transfer and Exchange Systems | 2020
ISMS | Card Issuance Operations (Operations Center in Fukuoka) | 2018
ISMS | Card Issuance Operations (Operations Center) | 2021

Information Security and Personal Information Protection Initiatives

1. Strengthening System Security Measures

Our company is continuously working to enhance system security measures. We analyze threats in terms of the level of the attack techniques and whether the source of the attack is internal or external, and prioritize measures accordingly.

(1) Measures Against Unauthorized Data Extraction from Within

  • Restrict data export functions on internal computers and prohibit connecting USB memory devices and smartphones.
  • Limit access to websites that could lead to information leaks.
  • Enforce user rights control and compliance with password policies to regulate system access.

(2) Measures Against External Attacks

  • Implement multi-layered measures such as detection and defense against unauthorized access/intrusion.
  • Deploy the latest detection functions against suspicious emails containing attachments with malicious functions.
  • Thoroughly inform all employees of the response procedures following the detection of suspicious emails.

2. Orico CSIRT

In response to increasingly sophisticated and complex cyber attacks and other incidents, our company has formed a security incident response team, "Orico CSIRT", and implemented the following initiatives:

  • (1) Immediate response to information security incidents occurring in our information system.
  • (2) Formulation and implementation of recurrence prevention measures and other necessary post-incident measures.
  • (3) Cyber attack training status (2022 fiscal year)
    • Cyber attack training: Twice

3. Utilization of External Security Consultation Companies

Our company utilizes external security consulting companies to perform professional and objective evaluations of the appropriateness of our security measures and to strengthen our security measures.

4. Personal Information Protection Training

Through the following training programs for our employees, we strive to ensure that the protection of personal information is thoroughly understood and put into practice:

  • (1) Company-wide e-training (once a year)
  • (2) Departmental, office, and branch unit-based training on safe management of personal information (all year round)
  • (3) Personal information handling officers: 3,556 (as of March 2023)