Risk Management

Fuji Electric is strengthening its risk management to maximize corporate value and minimize the potential impact of risks.

 

Basic Policy on Risk Management

Based on the Fuji Electric Risk Management Rules, the Company manages risk in a coordinated, systematic manner. We will practice appropriate management and counter various risks that could affect the Company’s management in order to prevent risks from materializing (crisis situations), thereby minimizing the impact on management in the event that risks materialize.

Related Link

Risk Management System and Process

■Risk management system

Fuji Electric’s business divisions and affiliated companies are responsible for managing risk related to their business activities as a part of their business duty, developing appropriate risk management systems, and implementing risk countermeasures.

Additionally, significant risks, such as those related to business plans and large-scale investments, are reported at the Executive Committee as appropriate to facilitate the sharing of information.

The internal auditing divisions conduct regular audits to confirm whether or not risk management is being properly performed at each business division and affiliated company.


■Risk management process

When annual budgets are formulated, business divisions and affiliated companies understand and evaluate risks related to their business activities. Policies and countermeasures in response to risks (aversion, mitigation, relocation, retention, and so forth) are considered based on their impact on management and frequency of occurrence, and each division and affiliated company appoints a person in charge of policy and countermeasure execution.

We also conduct mid-year progress checks at the end of the second quarter of each fiscal year to improve and effectively implement risk countermeasures.


Major Risks

Fuji Electric prepares Risk Management Sheets for each business division and affiliated company to help them address risks. Currently, the major risks that may affect Fuji Electric’s business performance and financial position are described here.

Strengthening Our Business Continuity Capabilities

In order to uphold its social responsibilities as a company, Fuji Electric aims to continue core operations even if natural disasters, accidents, and other unexpected events occur by providing a stable supply of high-performance, high quality products and services required by its customers.

In addition to fire safety and disaster-preparedness initiatives, we have formulated a business continuity plan (BCP*) at the head office, which acts as a command center during disasters, and at factories that house a large number of key management resources, as well as at branches that serve as contact points with customers.

We have also established Companywide BCPs for our procurement sections, which manage our supply chain, and for IT sections, which manage our information systems.

In fiscal 2019, we once again worked to strengthen our disaster response capabilities. For example, we conducted simulation training assuming a large-scale earthquake for business divisions, managers of each base, and business continuity promotion staff, and safety confirmation training for all employees. Going forward, we will continue enhancing our BCP to strengthen our business continuity capabilities.

* Business continuity plan

Fuji Electric received Resilience certification under the program established by the Cabinet Secretariat’s National Resilience Promotion Office in recognition of active efforts to ensure business continuity.

Fire safety and disaster-preparedness initiatives

Based on the Disaster Prevention and Procedural Manual, all of Fuji Electric’s bases have developed disaster-response systems and put in place comprehensive measures to ensure that structures and facilities are earthquake resistant. They also stockpile emergency goods, conduct regular drills, and take other preventive measures.

Procurement BCP

By identifying, assessing, and addressing supply chain risks that could affect our business continuity, we aim to build a stable production system over the medium and long terms.

In fiscal 2019, we officially introduced our BCP system. This has enabled us to automatically identify primary business partners in Japan (more than 4,000 companies) who are located in areas prone to natural disasters, such as earthquakes and typhoons, and quickly grasp the potential impact of a disaster on their safety and production operations.

In fiscal 2020, we will conduct natural disaster risk diagnoses of business partners who produce important parts and components based on their location, and assign them one of five risk rankings. We will then gradually adopt a multi-sourcing policy for procurement of highly important items. Due to the COVID-19 pandemic, meanwhile, we had time to grasp its impact on parts procurement in our supply chain, which has been expanding worldwide. Based on this, we started strengthening our BCP system in Japan. By inputting information on both primary and secondary business partners into our BCP system, we aim to speed up information gathering in times of emergency.

IT risk reduction

In fiscal 2019, we added cyber attacks as a new risk to be addressed in our ongoing IT-BCM* initiative, which is designed to help restart and restore information systems necessary for business and operation continuity within the required time in preparation for disasters and accidents.

To address increasingly diversified and sophisticated cyber security threats, we have established a computer security incident response team and a security operation center (CSIRT/SOC), through which we monitor and control any attacks.

We also take ongoing steps to respond more effectively to the continuous emergence of new threats. In addition to minimizing damage to information systems, for example, we are stepping up defenses to ensure early recovery, reinforcing our detection systems, and providing cyber training.

* Business continuity management

Responding to COVID-19

To deal with the COVID-19 crisis, we set up a response headquarters, headed by President Kitazawa, based on the Fuji Electric Risk Management Rules. The mission of the new entity is to simultaneously “prevent employee infections and the spread thereof” and “promote business continuity.” It collects and collates internal and external information related to COVID-19, determines measures to prevent infections and procedures to prevent the spread of the disease if an employee gets infected, and rigorously implements disease-prevention measures at Group companies in Japan and overseas.

Employee infections have been confirmed at some of our bases in Japan and overseas. To minimize infections and fulfill our social responsibilities, we are rigorously implementing infection prevention measures targeting all employees to ensure safety and security of themselves and their families. We are also increasing work flexibility by expanding teleworking and other systems. We remain committed to achieving business continuity while preventing the spread of infections.

Given the ongoing unpredictability of the pandemic, we will need to continue working together, united as a group. We will disclose information on our efforts related to COVID-19 on our corporate website as appropriate.

Information Security Measures

Implementation of security measures

To protect confidential and personal information properly, Fuji Electric has formulated and is implementing a policy and regulations related to information security with consideration for the laws of relevant countries. We have also established information management systems in each Group company and instituted various safety protocols, including operational site access and information access management systems. Meanwhile, we endeavor to prevent information leaks while maintaining and strengthening information security by instituting annual training programs for employees and conducting inspections and improvements through effective management and audits of workplaces.

External Certification Related to Information Security

Group companies that handle customers’ confidential and personal information and require high-level information security management have acquired external certification. As of April 1, 2020, a total of five departments at three Group companies have acquired information security management system (ISMS) certification. In addition, Fuji Electric Co., Ltd. and four subsidiaries have acquired Privacy Mark certification.

 

 

Privacy Mark (JIPDEC)


Companies that have acquired ISMS/Privacy Mark Certification

Companies that have acquired ISMS certification Fuji Electric Co., Ltd. (3 Divisions)
Fuji Electric IT Solutions Co., Ltd.
Fuji IT Co., Ltd.
Companies that have acquired Privacy Mark certification Fuji Electric Co., Ltd.
Fuji Electric Information Technology Center Co., Ltd.
Fuji Electric IT Solutions Co., Ltd.
Fuji Office & Life Service Co., Ltd.

Implementing Information Security Audits

Fuji Electric conducts internal audits as a part of efforts to lift the level of information security on a continuous basis. In fiscal 2019, internal audits were conducted at all of Fuji Electric's departments and divisions as well as 28 consolidated subsidiaries in Japan and 31 consolidated subsidiaries overseas.

For issues identified by the internal audits, the divisions and companies will create improvement plans and all of Fuji Electric, including its overseas sites, will work to continually improve.

 

Information Security Education and Training

Fuji Electric conducts regular information security trainings and works to improve information security awareness and knowledge among all employees.

 

■Information Security Education and Training in Fiscal 2019

Scope

Fuji Electric Co., Ltd.

Fuji Electric FA Components & Systems Co., Ltd.
Course

Information security

Information security

No. of participants

13,330

930

Other affiliated 28 companies in Japan and overseas conduct their own respective information security education and training.

 

Coordination with Information Security-Related Organizations

Fuji Electric participates in or coordinates with the following information security-related organizations.

  • 1. Nippon CSIRT Association
  • 2. Japan Computer Emergency Response Team Coordination Center

Measures to Prevent Infringement of Intellectual Property Rights

As part of our intellectual property activities, we employ a system to monitor other companies’ patents on a daily basis to prevent any inadvertent infringement of patents held by third parties.

To prevent infringement, we also conduct compliance program training.

We also conduct compliance training for employees as part of our effort to prevent infringements.

With respect to our own technologies, we actively acquire patent rights to protect our business. Fuji Electric continues to address overseas intellectual property issues and implement measures against counterfeit products to minimize business risks related to intellectual property.

Page Top