Enhancing Information Security

Sysmex Corporation has established a Product Security Policy for our products and services and has established a Product Security Incident Response Team (PSIRT) to manage product design and manufacturing, as well as post-marketing vulnerabilities. Sensitive information (including individual, patient, and test subject information) obtained from our customers and those who have participated in research and development and experiments, as well as advanced, original technology regarding products and intellectual property, are considered important assets for management, and necessary measures are taken to prevent information leaks and internal fraud.

Sysmex established the Global Information Security Committee in May 2023 to further enhance Group-wide information security management. We have formulated the Information Security Policy and established a Group-wide information security management framework as well as protect our information assets from threats and work to ensure our business continuity under the supervision and management of the Information Security Officer, Kenji Tachibana, a member of the Managing Board, a senior executive officer, and a senior managing director. Specifically, we established a Sysmex Computer Security Incident Response Team (Sysmex-CSIRT) to bolster our initiatives, such as prevention and early response to incidents and pre- and post-response to information leaks and data breaches based on such information as alerts received from the managed SOC (security operations center), in addition to threat information (threat intelligence) received from external parties (JPCERT/CC).
Regarding collaboration with external organizations, we have joined the Nippon CSIRT Association and Forum of Incident Response and Security Teams (FIRST) to share information regarding threats from emergencies and other significant incidents.
Internally, specific measures include rigorous management and regular review of access to information, regular updates to security patches, login restrictions using biometric authentication (facial and fingerprint recognition) for laptop computers and mobile devices on loan from the Company, and reviews of installed applications to ensure continuous operational and control measures. We have also installed endpoint detection and response (EDR) for PCs and server devices as part of our ransomware countermeasures (endpoint technology countermeasures).

At Sysmex, in addition to the e-learning program on information security and drills for targeted email attacks (BEC and phishing), we are also implementing initiatives to raise employee awareness of information security, such as seminars concerning how emails should be handled.
We recommend that Sysmex-CSIRT members obtain international qualifications (ISC2 CISSP, SANS GIAC, CompTIA) to reinforce our response to security incidents.