Governance

Enhancing Information Security

Enhancing Product Security and Cyber Security

Product Security Initiatives

Sysmex Corporation has established a Product Security Policy for our products and services and has established a Product Security Incident Response Team (PSIRT) to manage product design and manufacturing, as well as post-marketing vulnerabilities. Sensitive information (including individual, patient, and test subject information) obtained from our customers, and those who have participated in research and development and experiments, as well as advanced, original technology regarding products and intellectual property, are considered important assets for management, and necessary measures are taken to prevent information leaks and internal fraud.

Information and Cyber Security Initiatives

We formulated the Global Information Security Regulations (Information Security Policy) to establish a Groupwide information security management framework. This creates an information security management system for the entire Group under the supervision and management of a Member of the Management Board, a senior executive officer, and a senior managing director, who acts as Information Security Officer, with the DX Strategy Development Division at its core. We established a Sysmex Computer Security Incident Response Team (Sysmex-CSIRT) to bolster our initiatives such as prevention and early response to incidents and pre- and post-response to information leaks and data breaches, based on such information as alerts received from the managed SOC (security operations center) and threat information (threat intelligence) received from external parties (JPCERT/CC).
Regarding collaboration with external organizations, we participate in the Medical Device Cyber Security Council, whose members include representatives from the Ministry of Health, Labour and Welfare, hospitals, and domestic medical device manufacturers. We have also joined the Nippon CSIRT Association and the Forum of Incident Response and Security Teams (FIRST) to share information regarding threats from emergencies and other significant incidents.
Internally, we have implemented specific measures including rigorous management and regular review of access to information, regular updates to security patches, login restrictions by biometric authentication (facial and fingerprint recognition) for laptop computers and mobile devices on loan from the Company, and reviews of installed applications. In addition to these operational and control measures, we also installed endpoint detection and response (EDR) for PCs and server devices as part of our ransomware countermeasures.

Information and Cyber Security Education

At Sysmex, we provide annual e-learning on information security for all our Group employees, as well as temporary employees and independent contractors. In fiscal 2022, we held cyber security training in multiple languages for all employees in the Group. We are also implementing initiatives to raise employee awareness of information security, such as seminars concerning how emails should be handled, as well as drills for targeted email attacks (BEC and phishing).
We recommend that Sysmex-CSIRT members obtain international qualifications (ISC2 CISSP, SANS GIAC, CompTIA) to reinforce our response to security incidents.

Acquiring Information Security Certification

Sysmex Corporation has obtained ISO 27001 certification for our Information Security Management System (ISMS), and we are enhancing our information security management for research involving gene sequencing and other personal information. The service and support division of Sysmex CNA has obtained the same certification. Sysmex UK and Oxford Gene Technology have obtained Cyber Essentials* certification as well as ISO 27001 certification, and undergo a surveillance review every six months.

  * Certification system initiated in 2014 by the UK government to improve corporate cyber security