Governance Initiatives

Compliance and Risk Management

Compliance

Code of Conduct

PHC Group’s Code of Conduct applies to all countries and employees. It is organized by each of our values: “Diversity & Collaboration,” “Innovative Thinking,” “Challenging Spirit,” and “High Standards of Integrity.” We focus on the key risks to our business and key principles for acting ethically and in compliance with company policies.
In addition to our Code of Conduct, we also comply with applicable local, national, regional, and international laws, rules, regulations, and legal doctrines. If there is a conflict between our policies, standards and Code of Conduct, and applicable laws and regulations, we will follow the most stringent applicable regulation.

Please click here to learn more about our Code of Conduct:
https://www.phchd.com/global/sustainability/governance/code-of-conduct

Training and education

Continuous training and education activities are essential for promoting compliance with company policies. In fiscal 2023, we conducted training on the critical topic of preventing insider trading for all employees of the PHC Group. The attendance rate for the training was 100% (excluding employees who were unable to attend due to leave of absence, maternity leave, childcare leave, etc.).
We will continue to provide training necessary to ensure compliance.

Internal control systems

PHC Group has introduced a Group-wide compliance helpline for use by employees. Compliance issues, such as potential fraud or human rights violations, can be reported by phone and email. The helpline can be used anonymously. In addition to contact points at each company, third-party reporting points such as law firms are also available in various regions around the world, thereby creating an environment which facilitates consultation and reporting by employees. Each company responds to any reported cases of noncompliance, and PHC Group has an escalation policy in place to handle any serious cases.

Human Rights Policy

The PHC Group has established, based on its Mission, the “3 Rules of Compliance” (“Compliance with laws and regulations,” “Fair trade,” and “Respect for human rights”) as a guideline to be followed when conducting its business activities.

Please click here to learn more about our Human Rights Policy:
https://www.phchd.com/global/sustainability/social/humanrights

Risk Management

PHC Group identifies risks such as natural disasters, geopolitical risks, cybersecurity issues, and technology inheritance based on the “Basic Rules on Risk Management,” and has designated risk managers and implemented countermeasures.
The Group established a Risk Management Committee in fiscal 2023, and the COO serves as the Officer in charge of Risk Management. Based on the Rules, the Committee conducts Group-wide activities and creates and implements countermeasures to prevent risks from occurring and to mitigate their impact if they do occur. The Risk Management Committee meets regularly to evaluate risks and review the countermeasures, and reports to the Board of Directors.

Please click here for details about business risks:
https://www.phchd.com/global/ir/risk

Business Continuity Plan (BCP) Initiative

BCP for critical systems

PHC Group is preparing to establish the system at our backup center for use in the event of a large-scale disaster.

Evacuation drills

Evacuation drills for events such as natural disasters are held once a year in the Matsuyama and Gunma areas in Japan.


Cybersecurity and Data Protection

Company-wide policy

PHC Group has prepared standard documents such as information security management standards for Group companies based on the framework of the international information security standard ISO 27001. We operate and manage these standards on a global scale by using a unified system and rules.

Please click here to learn more about our company’s cybersecurity efforts:
https://www.phchd.com/global/sustainability/governance/security

Training and education

As part of cybersecurity training in fiscal 2023, we conducted two e-learning training sessions for Group employees in Japan: (1) Information security training (general education) and (2) Targeted email attack countermeasures training. The training attendance rate was 100% for (1) and 100% for (2), excluding employees without email addresses.
Since fiscal 2023, we have provided training on data protection to employees globally across the entire Group. The training attendance rate was 100%, including workers without an individual computer.
The attendance rate of training and education related to cybersecurity and data protection has increased due to the active participation of employees. This shows that our cybersecurity efforts are widely disseminated among our employees, and we will continue to work together to build a safe digital environment.

Vendor review

We aim to conduct cybersecurity reviews at 100% of our outsourced vendors, and we carry out vendor management measures annually. Based on the degree of cybersecurity impact, we target high-risk outsourced vendors from the following three perspectives (the implementation rate in fiscal 2023 was 100% within the operational scope):

  • Data: Vendors who receive, store, process and transmit “strictly confidential” or “confidential” information
  • System/network access: Vendors who directly access the networks or systems of PHC Group
  • Business processes: Vendors who support important business processes or require certain qualifications

Specifically, we investigate the status of ISO 27001 and Privacy Mark certifications for outsourced vendors. If vendors are not certified, we use a cybersecurity standard checklist and require that they have a score of 90 or higher, or that they have security standards that are equivalent to or higher than those of PHC Group. If compliance standards are not met, we consult with the outsourced vendors and take measures to avoid and reduce risks. We also conduct regular reviews and strive to maintain security standards.

Cybersecurity Committee

PHC Group convenes a Cybersecurity Committee to discuss the Group’s cybersecurity policy, KPI reviews, incident reports, and correction of security vulnerabilities. The meetings are attended by all Corporate Officers, including the President. At the meetings, members discuss any cybersecurity concerns and responses surrounding our business, and determine and implement necessary measures.