Product Security Policies

This document describes the basic policies concerning information security of product that have been developed and manufactured by Canon Medical Systems.

1.Objectives

2.Organizational security measures

Establishing a secure organizational structure and monitoring system
We have created a global monitoring system so that we can take immediate action if incidents affecting security occur, and to prevent such incidents, we have instituted a number of internal corporate preventive processes. In addition, we have also established a system for collecting and analyzing reports from our customers.

Providing security education for our employees
We provide our employees with security education to ensure that all employees have accurate knowledge and a full appreciation of the importance of information security.

Establishing secure design and development processes
We have formulated a security baseline (risk control standard) that includes the requirements of relevant standards and guidelines. Our products are designed and developed according to this security baseline. In addition, the baseline is reviewed periodically to incorporate additional preventive measures against new threats to new products.

3.Technical security measures

Security vulnerability management of products
We establish a system for monitoring and analyzing the security vulnerabilities of our products, including third-party software such as the computer operating system (OS). If security vulnerability which can cause customers harm or impact on essential performance of the product is found, we immediately take appropriate actions such as providing updates to the OS and software to eliminate the vulnerability. For the critical security vulnerability without safety related risk, we will disclose security vulnerability information including affected product and interim correspondence.

Measures against malware
We validate and deliver system software all its products to customers free of malware. We work to improve the security by applying an antivirus function to appropriate products.

4.Proper handling of security information

We provide our customers with security information concerning our products in the form based on the standard of each country.

5.Maintaining a high level of security

Operating environment
A high level of security can be achieved and maintained only when we provide products with security measures and our customers use these products in a suitable operating environment where security is controlled. Our customers are therefore requested to institute reasonable risk management policies and adopt necessary security measures at their facilities, including a firewall or a malware checking of the media to be used.

Product management
From the perspective of product warranty and safety, it is prohibited to change or modify the products without specific written instructions issued by Canon Medical Systems.

6.Ensuring safe and reliable medical services

Providing service activities
To ensure safe medical services, we not only provide products but also customer supports through activities of providing services related to security support and conducts service activities.

What are our goals?
In accordance with the basic policies described in this document, we continuously promote and execute activities to maintain and further improve the security of our products. We are committed to ensuring the highest level of customer satisfaction and promoting the health of people worldwide through these activities.