2022年度 本社―被災地連携演習の様子(本社会議室)
The Furukawa Electric Group has established the Risk Management Committee, chaired by the President, vice-chaired by the General Manager of the Risk Management Division, and composed of members from the management level. This committee deliberates on issues related to the Group's risk management, internal controls, and compliance, and has adopted a system for supervision and promotion.
The Risk Management Committee provides a bird's-eye view of risks by assessing risks from the management and operational perspectives, and determines important risks that must be addressed on a company-wide basis and prioritized for action. In addition, we have established special committees to focus on the management of risks that are considered highly important, such as quality control, health and safety, environment, and disaster prevention and business continuity management (BCM).We are working to strengthen our risk management system related to business activities. When important decisions are made by the Board of Directors, the Management Committee, or through the approval process, etc., the risks anticipated from such matters are clearly stated in documents, etc., and decisions are made based on an awareness of these risks.
Our Risk Management Committee evaluates risks from the management and operational perspectives to identify important risks that must be addressed on a company-wide basis, and prioritizes countermeasures. In each area, the committee promotes risk management related to business activities through the activities of various specialized committees, such as the Environment, Quality, Safety, and Disaster Prevention.
In the event of a crisis such as a large-scale disaster, Furukawa Electric Group will establish Emergency Response Headquarters, headed by the president, and Site Response Headquarters that defines each department's roles and clarifies them as necessary. We have prepared an initial response manual, stockpiled necessary supplies, and established a system for communication and safety confirmation, and conduct periodic drills.
Furukawa Electric Group, fully aware of its social responsibility, has formulated a Business Continuity Plan (BCP) and will work on Business Continuity Management (BCM) based on the following basic policy in order to minimize damage and continue business activities even in the event of unforeseen risks such as natural disasters and infectious diseases, etc.
Respect for human life
We place the highest priority on ensuring safety of all employees, their families, local society, customers and all other stakeholders.
Prevention of the expansion of damage
We will strive to prevent secondary disasters (fire at company facilities, environmental pollution, etc.).
Continuation and early restoration of important business
As a socially useful company, we will aim to continue important business as far as possible and even if it is suspended, we aim for early restoration.
Contribution to local communities
As a company trusted by society, we will strive to cooperate with local residents and local authorities.
Implementation of business continuity management
We will constantly review and improve our business continuity plan, aiming at becoming a company that is trusted by stakeholders and resilient to risk.
The Group is deeply aware of its social responsibility to protect human life and safety from disasters such as fires and earthquakes, and to continue its business operations. We place the highest priority on respect for human life, and continuously make efforts to mitigate damage and prevent secondary disasters as well as compliance with laws and regulations. We aim to clarify the roles of all employees, from management to staff, and to raise the level of our fire and disaster prevention activities in cooperation with the entire Group.
In order to strengthen the business continuity activities, we are actively working to obtain ISO22301 certification, the international standard for the business continuity management systems (BCMS). So far our “laser diode products business” (Chiba Works), “copper wire products business” (Mie Works), and “copper and copper alloy products (the original products) business”(Nikko Works), have acquired the certification.
In the event that a business site suffers extensive damage due to a natural disaster, etc., it is necessary to smoothly coordinate with the head office's emergency response headquarters and work as a team to achieve business restoration as quickly as possible. To prepare for such events, we conduct an annual drill to ensure coordination between the head office (emergency response headquarters) and business sites (affected areas).
In fiscal 2022, based on the assumption that a fire occurred at the Hiratsuka Plant, we conducted an exercise on the post-disaster information disclosure process by connecting the site and the head office remotely.
The task force in the affected area, the plant, the headquarters emergency task force, and the sales and planning departments participated in the exercise to examine the contents and timings of information required by various stakeholders, including customers, partners, shareholders, and investors, to verify the effectiveness of the current process.
We will steadily improve the issues identified in the exercise and promote employee training to further strengthen the resilience of critical business continuity.
Information security is considered one of the highest priority risks Furukawa Electric Group has to handle. Therefore, all related divisions are working together to address it from the perspectives of information systems, intellectual property protection, and information management.
As a technical measure against cyber security risks, which are becoming more sophisticated and serious every year, we introduced an EDR system*1 in FY2021, which monitors the behavior of PCs and other terminals and blocks unauthorized external communications, in place of conventional anti-virus software. As an organizational measure, in fiscal 2017 we began the activities of the "Furukawa Electric CSIRT*2" to promptly respond to incidents, large and small, of the Group.
In preparation for a situation in which Group companies and supply chains are targeted and damage expands, we are exploring ways to respond to incidents involving Group companies. In FY2022 we conducted cyber incident response training in collaboration with the CSIRT organizations of several domestic affiliates. In the future, we intend to expand the training to other major group companies, aiming to establish a global cyber security system for the Group.
*1 EDR System: EDR (Endpoint Detection and Response) is an information security product that monitors PCs and other terminals (endpoints) to detect and respond to abnormalities. Unlike conventional antivirus products that prevent virus infection and attacks, EDR is designed to detect viruses and respond quickly after infection, based on the premise that unauthorized access or other attacks may occur.
*2 CSIRT: The abbreviation of “Computer Security Incident Response Team”. The team is prepared to cope quickly with cyber incidents, investigating the cause, identifying the extent of effects, and eradicating the incidents.
Prior to the enforcement of the revised Personal Information Protection Law in April 2022, we informed employees of the revisions at in-house compliance seminars (November 2021) and information security awareness month (February 2022).
In addition, the Personal Information Protection Law in China went into effect in November 2021. We alerted our offices in China, provided guidance on how to respond, and took action when personal information is transferred from the local site. In February 2023, the Measures for Cross-border Standard Contracts on personal information were announced officially. After the enforcement of the law, compliance requirements for domestic and overseas companies regarding the transfer of personal information will increase, and we are taking measures to meet these requirements.
The Company aims to stabilize the management by strategically creating the intellectual property rights based on the patent portfolio management that grasps the trends in the other companies, also by reducing the intellectual property risks.
The intellectual property risks are divided into four categories: “Rights infringement risks”, “Counterfeit products risks”, “Contract risks” and “Technology leakage risks” and we continuously remind our employees to respond to risks. For example, against the “Technology leakage risks”, the following measures are taken: “Technology concealment of the development site and the production site”, “Information maintenance strengthening with the time stamp system”, etc.
We also develop the intellectual risk reduction activity in Furukawa Electric group globally through implementation of the systematic training, the regular publication of the newsletters introducing efforts to reduce those risks, and recognition of the President award for excellent inventions and activities, etc.
Following our international business development, risks that Furukawa Electric Group faces are becoming more diversified and complicated each year. We particularly recognize that risks inherent in overseas operations― mainly in emerging countries―and risks from the supply chain standpoint are our top priority issues as well as addressing geopolitical risks and economic security, and we will strengthen our countermeasures against them.
While assessing changes in the environment in the future, we will implement necessary countermeasures in a prompt and flexible manner.
Targets and Results (Risk Management / Internal Controls / Compliance)
| FY 2022 | FY 2023 | ||
|---|---|---|---|
| Targets | Results | Targets | |
| Thorough Compliance | Implement e-learning on Anti-Bribery and Competition law, and conduct training online in Mexico. |
We conducted e-learning for the Group and our domestic and overseas affiliates. We held compliance education remotely for local staff and expatriates in Mexico. |
Conduct seminars on Anti-Bribery and Competition law, and conduct education in Taiwan. |
| Advanced risk management for the entire group | Prioritize risks and continuously expand and deepen risk control activities. |
We created a system of evaluating risk control activities in order to continuously expand and deepen the activities. | Establish evaluation of risk control activities and identify issues for improvement of the system. |
| Strengthening cyber security measures | Conduct education and training, and expand establishment of incident response organizations in group companies. |
Information security education and e-mail response training are conducted annually. Our CSIRT* strengthens the incident response capabilities of the entire group, and conducts exercises with affiliated companies. |
Conduct education and training, and expand the establishment of incident response organizations in group companies. |
* CSIRT: The abbreviation of “Computer Security Incident Response Team”. The team is prepared to cope with cyber incidents.