Integrated Report 2025

Sustainability: Governance / Cybersecurity

Company-Wide Policy

PHC Group has prepared information security management standards for group companies based on the framework of the international information security standard ISO 27001. We operate and manage these standards on a global basis through a unified system and set of rules.

Cybersecurity Committee

PHC Group convenes a Cybersecurity Committee to discuss the group’s cybersecurity policy, key performance indicator (KPI) reviews, incident reports, and response plans for any potential security risks. These meetings are attended by all PHC Group Corporate Officers, including the President and CEO. At the meetings, members discuss any cybersecurity concerns and responses related to our business and determine and implement necessary measures.

Training and Education

As part of cybersecurity training in fiscal year 2024, PHC Group conducted two e-learning training sessions for employees in Japan: (1) Information security training (general education) and (2) Targeted email attack countermeasures training. The completion rate among all eligible employees was 100% for both sessions.

We also provided training on data protection to employees globally across PHC Group and the completion rate for eligible employees was 100%.

The attendance rate of training and education related to cybersecurity and data protection has increased due to active engagement by employees. Our cybersecurity efforts are widely disseminated among employees, and we continue to work together to build a secure digital environment.

Information Security Reviews for Vendors

PHC Group is actively working to reduce potential cybersecurity risk by conducting annual information security reviews for high-risk vendors. Specifically, we investigate the status of ISO 27001 and Privacy Mark certifications for outsourced vendors, as applicable. If vendors are not certified, we use a cybersecurity standard checklist and require that they have a score of 90 out of 100 or higher, or that they have security standards that are equivalent to or higher than those of PHC Group. If compliance standards are not met, we consult with the outsourced vendors and take measures to avoid and reduce risks.

To ensure comprehensive coverage, in fiscal year 2024, we extended these efforts to all vendors across PHC Group, achieving a 100% implementation rate. In particular, we identified high-risk vendors based on three criteria: the level of confidential information they handle, their degree of access to critical systems and networks, and the business processes involved. By implementing necessary countermeasures, we successfully mitigated risks.

As the business environment and emerging technologies continue to rapidly evolve, PHC Group will continue to take a consistent and continuous approach to vendor and supply chain risk, focusing on information security and the criteria mentioned above.