Governance
Enhancing Information Security
Enhancing Product Security and Information and Cyber Security
Product Security Initiatives
Sysmex has established the Product Security Policy for our products and services used by customers and has established a Product Security Incident Response Team (PSIRT) to manage product design and manufacturing as well as post-marketing vulnerabilities.
Sensitive information obtained from our customers and those who have cooperated in our research and development and experiments (including individual, patient, and test subject information), as well as advanced, original technology regarding products and intellectual property are considered important information assets for management, and necessary measures are taken to prevent information leakages and internal fraud.
Information and Cyber Security Initiatives
We formulated the Global Information Security Regulations (Information Security Policy) to establish a Group-wide information security management framework under the supervision and management of a senior executive officer and senior managing director who acts as Information Security Officer, thereby controlling and managing security with the DX Strategy Development Division at its core. We also established a Sysmex Computer Security Incident Response Team in fiscal 2020 to enhance our initiatives.
In terms of cooperating with outside organizations, we participate in the Medical Device Cyber Security Council, which is made up of the Ministry of Health, Labour and Welfare, hospitals, and domestic medical device manufacturers. We are also affiliated with the Nippon CSIRT Association and share information regarding threats from emergencies and significant incidents.
Internally, we implemented specific measures including rigorous management and regular review of access to information, regular updates to security patches, login restrictions by biometric authentication (facial and fingerprint recognition) for laptop computers and mobile devices on loan from the Company, and review of installed applications. In addition to these continuous operational and control measures, we also installed endpoint detection and response (EDR) for PCs and server devices as part of our ransomware countermeasures (endpoint technology measures).
Internally, we implemented specific measures including rigorous management and regular review of access to information, regular updates to security patches, login restrictions by biometric authentication (facial and fingerprint recognition) for laptop computers and mobile devices on loan from the Company, and review of installed applications. In addition to these continuous operational and control measures, we also installed endpoint detection and response (EDR) for PCs and server devices as part of our ransomware countermeasures (endpoint technology measures).
Information and Cyber Security Education
At Sysmex, we provide annual e-learning training on information security for all our Group employees as well as our temporary employees and independent contractors.
Furthermore, beginning in fiscal 2021, the number of participants attending information literacy education was set as a monitoring index within the sustainability targets, enabling us to work toward improving our information security level.
Acquiring Certification Regarding Information Security
Our Skyfront Research Campus (Kawasaki-ku, Kawasaki) obtained ISO 27001 certification related to our Information Security Management System (ISMS), and Sysmex is enhancing its information security management to conduct research involving gene sequences and other personal information. Additionally, the service and support division at Sysmex CNA has also received the same certification, ensuring the confidentiality, completeness, and availability of the information it handles.