Information is a critical corporate asset in promoting the use of data and advanced digital technologies. The Daiichi Sankyo Group has implemented effective security measures against the risk of leakage and falsification of confidential information, production line stoppage, and product liability and litigation risks, and has created a robust cyber environment.

Improvement and Strengthening of Information Security Management System

To ensure a stable supply of products and provide reliable information to customers, we have established a global information security policy and information security measures on a global scale under the leadership of the Head of Global Information Security. In addition, the CDXO*1, the chief officer of the digital domain together with information management functions, supervises digital transformation for the entire organization, and oversees the conduct of its operations. The information and system assets referred to in this policy include data, media, information systems, industrial systems and paper-based systems containing information on our business partners, customers and business units.
As for information management centered on document management, Daiichi Sankyo works to ensure thorough information management by ensuring safety and reliability, standardizing, and continuously assessing all Group companies in Japan to ensure appropriate controls are in place. As for information security, we established the Daiichi Sankyo Group Information Security Standard with the aim of raising the level of implementation of global security measures in FY2022.
In addition, starting in FY2023, such functions have been transferred to Global DX, and information security for the entire Group will be further strengthened jointly with digital functions. In order to protect information resources from security threats, it is paramount to continuously raise the awareness of all employees. To educate employees about cyber-attacks and targeted e-mails, etc., an information security awareness campaign is executed on an ongoing basis at each of the Group Companies.

 

  • *1 Chief Digital Transformation Officer

Measures for Cyber Security

The CSIRT, the framework for dealing with computer security incidents in enterprises, is managed under the leadership of the Head of Global Information Security in order to respond to the increasing number of cyber-attacks in recent years.
With the cooperation of external security partners, the security monitoring system operates 24/7/365, and a system is in place to respond swiftly to incidents that have occurred. It is important to collaborate with other organizations in the same industry as well as other industries to manage the threat of cyber-attacks.
In collaboration with external security teams such as external specialist organizations and other companies' CSIRTs, we collect information related to cyber security and propose and promote security measures for the Group.
Moreover, we aim to contribute to improving security not only within the Group, but also for the entire society by building cooperative relations with external organizations.
Accordingly, the Group is continuously engaging in activities centered on the CSIRT.

Information Security Management System

Personal Information Security Initiatives

Personal information is essential to a company's business activities, but by its very nature, may cause irreparable harm to individuals if mishandled. Based on the Daiichi Sankyo Group Privacy Policy, a global standard for protecting personal information, we have established internal rules that comply with the laws and regulations of each country and region to ensure the safe management of personal information. We also regularly conduct training sessions to ensure that all employees are thoroughly trained to handle personal information in the most appropriate manner. In FY2022, briefing sessions on the revision of internal rules in response to the revised Personal Data Protection Act were held in Japan, as well as e-learning for all directors and employees. Also, we conducted monitoring to ensure that the revised rules were thoroughly implemented.
In addition, with regard to handling Individual Numbers in Japan, nicknamed “My Number” information, we regularly evaluate the security management status of “My Number” information at our vendors and conduct on-site audits.
Furthermore, we take appropriate measures such as providing e-learning programs in Japan to ensure that we understand our basic policies and management system.
Moreover, regulations regarding personal information are being tightened around the world, as evidenced by Europe's General Data Protection Regulation (GDPR). We are working to address the personal information protection laws and regulations that will be enforced in the relevant countries and regions.
Going forward, we will continue to work on reducing risks and identifying issues at an early stage to prevent material noncompliance regarding the Act on the Protection of Personal Information.