4. On-site Assessment

Contents of this page:
On-site assessment
1. Interview with the company representative
2. Confirm status of operations
3. Check on-site implementation
4. Summary

On-Site Assessment

After document screening is complete, on-site screening is carried out.

On-site screening is undertaken to clarify any questions arising during document screening, as well as to confirm whether the system is structured and managed according to the PMS.

  • Transportation and accommodation expenses, including costs associated with the assessment and on-site assessment, will be incurred. (JIPDEC's rules for travel are to be applied.) Please pay this bill promptly.
  • Note that the Accreditation Body and Conformity Assessment Bodies have the right to suspend the assessment process if the costs associated with an On-site Assessment have not been paid.

The On-site Assessment will be conducted as follows:

1. Interview with the Company Representative

  • Interview with the Representative
  • Business activities and policies
  • Reason for application for PrivacyMark accreditation
  • Personal information security policy and how it is communicated to employees
  • Appointment of a personal information security manager and lead auditor
  • Management review

2. Confirm Status of Operations

Interviews are conducted with the person in charge of the application, the personal information security manager, the lead auditor, etc.

  • Conduct checks on the management of personal information
  • Specified order
  • Education and training
  • Auditors
  • Subcontractor contracts/selection criteria
  • Risk awareness and management
    • Transport/on-site subcontracting/networking
    • Inappropriate applications/viruses/remote access
  • Any use or provision of information for which permission has not been obtained, e.g., telephone directories
  • Replies to requests from the information agent

3. Check On-Site Implementation

  • Check the personal information security policy and how it is communicated to employees
  • Physical access systems
    • Entrances, machine rooms, warehouses, document storage areas, safes, drawers
    • Controls on locks
  • Logical access controls
    • Client services
    • Coding
    • Code key control
  • Backup
    • Record media controls
  • Records
    • Documents to confirm reception/disposal of personal information
    • Entry/exit into rooms, access logs
    • Ledgers
  • Special online procedures
    • Personal information policy on the website
    • Use of SSL when information is collected
    • Send an agreement form each time services are conducted
    • Any use of Web bugs such as cookies
    • Security measures against threats such as cross-site scripting (XSS)

4. Summary

  • Non-conformity