News Understanding Sysmex

Select your local Sysmex website

JAPAN

AMERICAS

EMEA

ASIA PACIFIC

GLOBAL HEADQUARTERS (JAPAN)

REGIONAL HEADQUARTERS

OTHER SYSMEX GROUP COMPANIES

  1. Home
  2. Sustainability
  3. Governance
  4. Enhancing Information Security

Governance

Enhancing Information Security

Information, Cybersecurity Policy and Structure

Sysmex is working to strengthen Group-wide security governance by enhancing its security levels. To provide safer and more reliable services to our customers and business partners, we have formulated the Information Security Policy and disclosed the Group’s fundamental philosophy and policies.
Furthermore, under the supervision and management of the Information Security Officer, Senior Executive Officer Kensuke Iizuka, Sysmex has established the Global Information Security Committee. The committee plays a central role in formulating policies related to Group-wide information security, developing business continuity plans, and addressing day-to-day issues. By building a Group-wide information security management framework, Sysmex works to protect its information assets from various threats and ensure business continuity.

Information and Cybersecurity Initiatives

Sysmex has established the Sysmex-Computer Security Incident Response Team (Sysmex-CSIRT) and strengthened its information and cybersecurity initiatives by utilizing a managed Security Operation Center (SOC). As a preventive measure, we use alerts from the SOC and threat intelligence provided by external organizations such as JPCERT/CC to prevent information leaks and data breaches. In the event of an incident, we have a framework in place for rapid detection and initial response to prevent the spread of damage and ensure early recovery of business operations.
To protect our IT assets, Sysmex has introduced Attack Surface Management (ASM), which enables continuous risk management of IT assets through ongoing processes to detect and evaluate vulnerabilities.
Regarding collaboration with external organizations, we have joined the Nippon CSIRT Association and Forum of Incident Response and Security Teams (FIRST) to share information regarding threats from emergencies and other significant incidents.
Other specific measures include rigorous management and regular review of access to information, regular updates to security patches, login restrictions using biometric authentication (facial and fingerprint recognition) for laptop computers and mobile devices on loan from the Company, and reviews of installed applications to ensure continuous operational and control measures. We have also installed endpoint detection and response (EDR) for PCs and server devices as part of our ransomware countermeasures (endpoint technology countermeasures). In addition, we have established a prompt escalation process to the information security supervisory department when incidents or suspicious events occur. In fiscal 2024, there was no significant breach.

Product Security Initiatives

Sysmex has established a Product Security Policy and set up the Product Cybersecurity Committee to promote stronger security measures for its analyzers, thereby ensuring customers can use our products with peace of mind. We continue to carry out these security enhancement activities on an ongoing basis.
In addition, we have established a Product Security Incident Response Team (PSIRT) to manage vulnerabilities in product design, manufacturing, and post-market phases. We also regard sensitive information (including individual, patient, and test subject information) obtained from our customers and those who have participated in research and development and experiments, as well as advanced, original technology regarding products and intellectual property, as important management assets  and necessary measures are taken to prevent information leaks and internal fraud.

Information and Cyber Security Education

At Sysmex, in addition to the e-learning program on information security and drills for targeted email attacks (BEC and phishing), we are also implementing initiatives to raise employee awareness of information security, such as seminars concerning how emails should be handled.
We recommend that Sysmex-CSIRT members obtain international qualifications (ISC2 CISSP, SANS GIAC, CompTIA) to reinforce our response to security incidents.

Acquiring Information Security Certification

Sysmex has obtained ISO 27001 certification for our Information Security Management System (ISMS) to enhance information security management.

  • Sysmex Corporation (research involving personal information such as gene sequencing)
  • Sysmex CNA (service and support divisions)
  • Sysmex Europe (sales and service, IT services, etc.)
  • Sysmex New Zealand
  • Sysmex UK*
  • Oxford Gene Technology*
  • In addition to ISO 27001 certification, both Sysmex UK and Oxford Gene Technology have also obtained Cyber Essentials certification (certification system initiated in 2014 by the UK government to improve corporate cyber security). These entities undergo surveillance evaluation every six months.
Back to "Governance"