Fuji Electric is strengthening its risk management to maximize corporate value and minimize the potential impact of risks.
Basic Policy on Risk Management
Based on the Fuji Electric Risk Management Rules, the Company manages risk in a coordinated, systematic manner. We will practice appropriate management and counter various risks that could affect the Company’s management in order to prevent risks from materializing (crisis situations), thereby minimizing the impact on management in the event that risks materialize.
Types of Risk and Risk Management System
■Risk Classification System
Fuji Electric divides risks into categories and conducts risk management optimized for each category.
■Risk Management System
Risk Management Process
Fuji Electric’s business divisions and affiliate companies are responsible for the management of risk related to their business activities as part of their business responsibilities, developing appropriate risk management systems and implementing risk countermeasures.
Additionally, significant risks, such as business plans and large-scale investments, are reported at the Executive Committee as appropriate, thereby facilitating the sharing of information.
Fuji Electric implements an annual risk management process and revises it continuously. When annual budgets are formulated, business divisions and affiliate companies understand and evaluate risks related to their business activities. Policies and countermeasures in response to risks (aversion, mitigation, relocation, retention and so forth) are considered based on their impact on management and frequency of occurrence, a person responsible for executing the policies and countermeasures is designated, and the policies and countermeasures are implemented. Mid-year progress checks are conducted at the end of the second quarter of the fiscal year, and risk countermeasures are improved and implemented.
Information Security Measures
Development of Security Policy and Regulations
To protect confidential and personal information properly, Fuji Electric has formulated and implemented a policy and regulations related to information security with consideration for the laws of relevant countries. In addition, information management systems are put in place at Group companies and systems have been instituted to manage access to operational sites and to information, among other information security measures. Meanwhile, we endeavor to prevent information leaks while strengthening information security by instituting annual training programs for employees and conducting inspections and implementing improvements through effective management and audits of workplaces.
Fuji Electric has developed a countermeasure system and established a computer security incident response team (CSIRT) and a security operation center (SOC) to handle ever more diversified cyber security risks, through which we monitor for attacks and quickly gain control in the event of attacks. We also take ongoing steps to improve our ability to respond to the constant emergence of new threats through the reinforcement of our defense and detection systems and through cyber training.
External Certification Related to Information Security
Companies that handle customers’ confidential and personal information and require high-level information security management have acquired external certification. As of April 1, 2019, a total of five departments at three Group companies have acquired information security management system (ISMS) certification. In addition, Fuji Electric Co., Ltd. and four subsidiaries have acquired Privacy Mark certification.
Privacy Mark (JIPDEC)
Companies that have acquired ISMS/Privacy Mark Certification
|Companies that have acquired
|Fuji Electric Co., Ltd. (3 Divisions)|
|Fuji Electric IT Solutions Co., Ltd.|
|Fuji IT Co., Ltd.|
|Companies that have acquired
Privacy Mark certification
|Fuji Electric Co., Ltd.|
|Fuji Electric Information Technology Center Co., Ltd.|
|Fuji Electric IT Solutions Co., Ltd.|
|Fuji Office & Life Service Co., Ltd.|
Implementing Information Security Audits
Fuji Electric conducts internal audits as a part of efforts to lift the level of information security on a continuous basis.
In fiscal 2018, internal audits were conducted at all of Fuji Electric's departments and divisions as well as 28 consolidated subsidiaries in Japan and 26 consolidated subsidiaries overseas.
For issues identified by the internal audits, the divisions and companies will create improvement plans and all of Fuji Electric, including its overseas sites, will work to continually improve.
Information Security Education and Training
Fuji Electric conducts regular information security trainings and works to improve information security awareness and knowledge among all employees.
■Information Security Education and Training in Fiscal 2018
Fuji Electric Co., Ltd.
|Fuji Electric FA Components & Systems Co., Ltd.|
|No. of participants||
Other affiliated 28 companies in Japan and overseas conduct their own respective information security education and training.
Coordination with Information Security-Related Organizations
Fuji Electric participates in or coordinates with the following information security-related organizations.
- 1. Nippon CSIRT Association
- 2. Japan Computer Emergency Response Team Coordination Center
Measures to Prevent Infringement of Intellectual Property Rights
As part of our intellectual property activities, we employ a system to monitor other companies’ patents on a daily basis to prevent any inadvertent infringement of patents held by third parties.
To prevent infringement, we also conduct compliance program training.
We also conduct compliance training for employees as part of our effort to prevent infringements.
With respect to our own technologies, we actively acquire patent rights to protect our business. Fuji Electric continues to address overseas intellectual property issues and implement measures against counterfeit products to minimize business risks related to intellectual property.
In fiscal 2018, efforts to strength patent survey functions were advanced along with application activities spearheaded by our local Chinese intellectual property division. At the same time, we implemented measures for countering risks associated with counterfeit products and intellectual property.
Measure to Strengthen Business Continuity Capabilities
In order to uphold its social responsibilities as a company, Fuji Electric aims to continue core operations even if unexpected events such as natural disasters and accidents occur by providing a stable supply of high performance, high-quality products and services required by our customers.
Fuji Electric received Resilience certification under the program established by the Cabinet Secretariat’s National Resilience Promotion Office in recognition of active efforts to ensure business continuity.
Fire Safety and Disaster Preparedness Initiatives
Based on the Disaster Prevention and Procedural Manual, all of Fuji Electric’s bases have developed disaster-response systems and have put in place thorough measures to ensure that structures and facilities are earthquake resistant, stockpile emergency goods, and conduct regular drills, among other measures.
Business Continuity Initiatives
In addition to fire safety and disaster-preparedness initiatives, Fuji Electric has formulated a business continuity plan (BCP) at the head office, which acts as a command center during disasters, and at factories that house a large number of key management resources. We have also established Companywide BCPs for procurement sections, which manage the supply chain, and for IT sections, which manage the information systems.
In fiscal 2018, we once again expanded the range of products covered under the BCP. In addition, we conducted simulation drills based on large-scale earthquake and explosion scenarios targeting business supervisors and base managers, while all employees took part in safety confirmation drills. Going forward, we will continue to expand the range of products covered under the BCP while striving to raise awareness of and make ongoing improvements to it, thereby strengthening business continuity capabilities.
Simulation drills in response to a large-scale earthquake
Procurement Risk Reduction
Reinforcement of Procurement Business Continuity Management
Acting in accordance with Fuji Electric’s procurement business continuity management regulations, we have established a procurement business continuity plan (BCP) that stipulates the following initiatives for mitigating procurement risks.
- 1) Building a supplier damage information collection system
- 2) Securing multiple suppliers for key components
In fiscal 2018, we sought to establish frameworks for quick confirmation of the impacts on the supply chain of any natural disasters that may occur while also installing infrastructure for swift and efficient surveys of the situation after disasters.
IT Risk Reduction
We have formulated an IT BCP comprising initiatives for restarting and restoring IT systems we need to continue operations and administration in case of disaster, accident, or other event within the required time.
In fiscal 2018, Fuji Electric and its domestic affiliates implemented simulation drills for bolstering their ability to restore IT systems should their operation be halted due to some disaster.
We are also planning drills for improving our cyberattack response capabilities.