Governance

Enhancing Information Security

Enhancing Product Security and Cyber Security

Product Security Initiatives

Sysmex Corporation has established a Product Security Policy for our products and services and has established a Product Security Incident Response Team (PSIRT) to manage product design and manufacturing, as well as post-marketing vulnerabilities. Sensitive information (including individual, patient, and test subject information) obtained from our customers and those who have participated in research and development and experiments, as well as advanced, original technology regarding products and intellectual property, are considered important assets for management, and necessary measures are taken to prevent information leaks and internal fraud.

Information and Cybersecurity Initiatives

Sysmex established the Global Information Security Committee in May 2023 to further enhance Group-wide information security management. We have formulated the Information Security Policy and established a Group-wide information security management framework as well as protect our information assets from threats and work to ensure our business continuity under the supervision and management of the Information Security Officer, Kenji Tachibana, a member of the Managing Board, a senior executive officer, and a senior managing director. Specifically, we established a Sysmex Computer Security Incident Response Team (Sysmex-CSIRT) to bolster our initiatives, such as prevention and early response to incidents and pre- and post-response to information leaks and data breaches based on such information as alerts received from the managed SOC (security operations center), in addition to threat information (threat intelligence) received from external parties (JPCERT/CC).
Regarding collaboration with external organizations, we have joined the Nippon CSIRT Association and Forum of Incident Response and Security Teams (FIRST) to share information regarding threats from emergencies and other significant incidents.
Internally, specific measures include rigorous management and regular review of access to information, regular updates to security patches, login restrictions using biometric authentication (facial and fingerprint recognition) for laptop computers and mobile devices on loan from the Company, and reviews of installed applications to ensure continuous operational and control measures. We have also installed endpoint detection and response (EDR) for PCs and server devices as part of our ransomware countermeasures (endpoint technology countermeasures).

Information and Cyber Security Education

At Sysmex, in addition to the e-learning program on information security and drills for targeted email attacks (BEC and phishing), we are also implementing initiatives to raise employee awareness of information security, such as seminars concerning how emails should be handled.
We recommend that Sysmex-CSIRT members obtain international qualifications (ISC2 CISSP, SANS GIAC, CompTIA) to reinforce our response to security incidents.

Acquiring Information Security Certification

Sysmex Corporation has obtained ISO 27001 certification for our Information Security Management System (ISMS), and we are enhancing our information security management for research involving gene sequencing and other personal information. The service and support division of Sysmex CNA has obtained the same certification. Sysmex UK and Oxford Gene Technology have obtained Cyber Essentials* certification as well as ISO 27001 certification, and undergo a surveillance review every six months.

  • Certification system initiated in 2014 by the UK government to improve corporate cyber security
  • In this report, “Sysmex” refers to the Sysmex Group as a whole. “Sysmex Corporation” refers to the Company on a standalone basis.