The integrity, reliability and security of information in all its forms are critical to our company’s daily operations. Inaccurate, incomplete or unavailable information, external intrusions on information systems, or unauthorized access to information can damage and disrupt our business and have financial and reputation implications. Customers trust us with personal information so that we can meet their needs in different areas of our business, such as in our pharmacies, through our e-commerce platforms, loyalty program and more. We also have an obligation to protect the information entrusted to us by our teammates.
Fiscal 2023 Performance Highlights
of corporate office teammates completed Supplementary Phishing Training
of corporate office teammates completed Security Awareness Fundamentals
Our business strategy (see About Us) is enabled by an ambitious digital transformation program.
This increased investment in and use of digital tools means we also face increased risk of cyberattack—which is why in fiscal 2023 we continued to update and accelerate our three-year cyber security roadmap to make sure we are keeping pace with both our evolving business initiatives and external threats. We plan to achieve ISO27K information security management certification by 2025. Our cyber security approach is all about having many layers of protection for devices, transactions, data and people, complemented by rigorous, round-the-clock monitoring.
We operate extensive and complex information technology systems that are vital to the successful operation of our business strategies. Our systems include advanced endpoint detection, response protection and monitoring, cloud security controls, threat hunting, threat intelligence, vulnerability management, and 24/7 monitoring. In addition, all projects undergo security risk assessments such as threat risk assessment, vendor risk assessment and compliance impact assessment. We ensure that due diligence is carried out for all new and existing critical supplier partners.
We place a strong focus on teammate awareness and training and on policies to govern the acceptable use of corporate devices and assets. Our Cyber Security Employee Awareness and Training program provides our team members with the knowledge to ensure they make informed decisions to protect our business from cyber-related threats. Training is provided through our learning management system and through monthly targeted phishing campaigns, mandated modules, regular teammate communications on relevant cyber security topics and digital signage.