Fuji Electric is strengthening its risk management to maximize corporate value and minimize the potential losses that could result from various risks.
Based on the Fuji Electric Risk Management Regulations, which were formulated in May 2006, the Company manages risk in a coordinated, systematic manner.
We will appropriately manage to counteract all risks that could affect the Company’s management, while working to prevent risks from materializing (crisis situations) and reduce losses. In doing so, we will maximize Fuji Electric’s corporate value and minimize the impact on management in the event that risks materialize.
To strengthen risk management, Fuji Electric revised the types of risks it manages and its risk management system in fiscal 2015. The Company now focuses on the two risk categories of external risks and business risks, with business risks divided into the subcategories of strategic risks, operational risks, and shared risks, and conducts risk management optimized for each category.
For risks that are common to the whole of Fuji Electric, such as external risks and shared risks, the Headquarters Corporate Division determines the policies for countermeasures, prepares appropriate manuals, disseminates the necessary information to manage the risks, conducts education, and takes other measures. Business divisions and affiliate companies develop risk management systems as part of their business responsibilities, through which they implement risk countermeasures for strategic risks, operational risks, and other risks that cover the entirety of their business activities. When business plans are formulated for each fiscal year, business risks are analyzed and factored in to the plans.
To protect personal and confidential information properly, Fuji Electric has formulated and implemented a policy and regulations on information security, and institutes training programs for employees each year, and other measures to strengthen information security and prevent information leaks.
Based on our information security policy and regulations, each affiliate company has also drafted security regulations for overseas bases, taking into account individual countries’ laws and regulations. We stepped up our initiatives to educate employees about information security, distributing an information security handbook to employees at overseas subsidiaries and ensuring that all employees are aware of the issues. We conducted overseas information security audits at 41 companies in fiscal 2015. Going forward, we will make ongoing improvements throughout Fuji Electric, including overseas bases.
Companies that handle customers’ confidential and personal information, and who require a high level of information security management, acquire outside certification. As of April 1, 2016, five of our operations (at three companies) had acquired ISMS certification. Also, three companies—Fuji Electric Co., Ltd., Fuji Electric Information Technology Center Co., Ltd., and Fuji Electric IT Solutions Co., Ltd. —have acquired Privacy Mark certification.
Privacy Mark (JIPDEC)
|Companies that have acquired
|Fuji Electric Co., Ltd. (3 Divisions)|
|Fuji Electric IT Solutions Co., Ltd.|
|Fuji IT Co., Ltd.|
|Companies that have acquired
Privacy Mark certification
|Fuji Electric Co., Ltd.|
|Fuji Electric Information Technology Center Co., Ltd.|
|Fuji Electric IT Solutions Co., Ltd.|
Fuji Electric conducts internal audits as a part of efforts to lift the level of information security on a continuous basis.
In fiscal 2015, internal audits were conducted at all of Fuji Electric's departments and divisions as well as 26 consolidated subsidiaries in Japan and 28 consolidated subsidiaries overseas.
For issues identified by the internal audits, the divisions and companies will create improvement plans and all of Fuji Electric, including its overseas sites, will work to continually improve.
Fuji Electric conducts information security education and training on a regular basis. The Company is taking appropriate measures to increase awareness and the knowledge of each and every employee.
■Information Security Education and Training in Fiscal 2015
Fuji Electric Co., Ltd.
|Fuji Electric FA Components & Systems Co., Ltd.|
|No. of participants||
Other affiliated companies in Japan and overseas conduct their own respective information security education and training.
As part of our intellectual property activities, we employ a system to monitor other companies’ patents on a daily basis to prevent any inadvertent infringement of patents held by third parties.
To prevent infringement, we also conduct compliance program training.
With respect to our own patents, we actively acquire patent rights to protect our business. We also take measures against counterfeit products and take other steps to reduce risks related to intellectual property.
In fiscal 2015, our local IP division in China led efforts to uncover new inventions and implement countermeasures against counterfeit products. We also instituted countermeasures to prevent technology leakage and other precautions based on conditions in specific Asian countries, such as Malaysia.
Fuji Electric aims to ensure that it can continue its core operations even if an unexpected event such as a natural disaster or accident occurs, continuing to uphold its social responsibilities as a company and providing a stable supply of high performance, high-quality products and services required by our customers. To this end, we are promoting the following initiatives.
Based on our Disaster Prevention and Procedural Manual, we have created a disaster-preparedness headquarters system. Meanwhile, at operational sites and affiliates, we have put in place thorough measures to ensure that structures and facilities are earthquake resistant, stockpile emergency goods, and conduct regular drills, among other measures.
In addition to disaster-preparedness initiatives, Fuji Electric has formulated a business continuity plan (BCP) covering the head office, which acts as a command center during disasters, and its factories, which have a large number of key management resources that are required for supplying products, such as production facilities.
In fiscal 2015, we expanded the range of products covered under the BCP. We also asked officers and subsidiary presidents to begin participating in major disaster simulation drills based on earthquake scenarios and held other drills at both domestic and overseas bases. Through these efforts, we sought to improve our ability to respond to natural disasters.
We will continue our initiatives to further expand the number of products manufactured both in Japan and overseas that are covered under the BCP. We will also broaden the scope of bases at which drills are performed to promote wider awareness of the BCP while continuing to make improvements and thereby enhance our ability to ensure business continuity.
Major disaster simulation drill participated in by officers and subsidiary presidents
To reduce procurement risks, we have established a procurement BCP based on the following measures: 1) building a supplier damage information collection system; 2) securing multiple suppliers for key components; and 3) establishing alternate sites to carry out procurement operations.
In fiscal 2015, we continued working to secure multiple suppliers for key components while taking steps to reinforce our supplier damage information collection system, which extends to overseas bases.
Looking ahead, we will expand the scope of the procurement BCP to the procurement divisions of subsidiaries in and outside of Japan and strengthen the plan to effectively reduce procurement risks globally.
We have formulated an IT-BCP comprising initiatives for restarting and recovering the IT systems we need to continue operations and administration if a disaster, accident, or other event occurs, within the required time.
In fiscal 2015, Fuji Electric and its domestic affiliates stepped up measures to preserve their IT systems, such as improving disaster countermeasures.
In the future, we will promote these measures at overseas subsidiaries as well, as we continue our efforts to reduce IT risks.