The integrity, reliability and security of information in all its forms are critical to our company’s daily operations. Inaccurate, incomplete or unavailable information; external intrusions on information systems; or inappropriate access to information can damage and disrupt our business and have financial and reputation implications. Customers trust us with personal information so that we can meet their needs in different areas of our business, such as in our pharmacies, through our e-commerce platforms and more. We also have an obligation to protect the information entrusted to us by our teammates.
Fiscal 2022 Performance Highlight
96% of corporate office teammates completed Supplementary Phishing Training in fiscal 2022.
Our Approach
Our business strategy (see About Us) is enabled by an ambitious digital transformation program.
This increased investment in and use of digital tools means we also face increased risk of cyberattack—which is why in fiscal 2022 we updated our three-year cyber security roadmap to make sure we are keeping pace with both our evolving business initiatives and external threats. Our cyber security approach is all about having many layers of protections for devices, transactions, data and people, complemented by rigorous, round-the-clock monitoring.
We operate extensive and complex information technology systems that are vital to the successful operation of our business strategies. Our systems include mature endpoint monitoring, cloud security controls, threat hunting, threat intelligence, vulnerability management and 24/7 monitoring. In addition, all projects undergo security risk assessments and all new vendors undergo third-party risk assessment.
In fiscal 2022 we deployed multi-factor authentication widely across our business, initiated a new application security testing program to address vulnerabilities and continued to invest in building a culture of security. We place a strong focus on teammate awareness and training and on policies to govern the acceptable use of corporate devices and assets. Our Cyber Security Employee Awareness and Training program provides our team members with the knowledge to ensure they make informed decisions to protect our business from cyber-related threats. Some of that training is through monthly targeted phishing campaigns, mandated training, regular teammate communications on relevant cyber security topics, and digital signage.
We are committed to improving our operating systems, tools and procedures to become more efficient and effective. Our corporate Privacy Policy is available to the public on our corporate websites. It’s all part of our plan to protect our business and customers.