Risk Management
- Related ESG :
- E S G
Management approach
Policy and approach
Toyobo Group, guided by its corporate philosophy of "Jun-Ri-Soku-Yu" (Adhering to reason leads to prosperity), aims to achieve sustainable growth and contribute to society by appropriately managing risks associated with its business activities. In our risk management activities, the risk-owning departments, such as front-line departments, identify and evaluate risks. These departments work in collaboration with corporate departments in charge of risk oversight to develop and implement risk mitigation measures. The Risk Management Department, is responsible for planning and promoting these risk management activities.
The Group reviews significant risks that need to be addressed annually, and by conducting appropriate evaluation and management, strives to earn the trust of stakeholders such as customers, local communities, and shareholders.
< Basic policy on business risk >
1. Establish a mechanism to visualize and understand where risks lie and the scale of their potential impact across Toyobo Group.
2. Allocate resources appropriately to avoid or mitigate the identified risks.
3. Continuously improve and enhance risk management activities by applying the PDCA (Plan-Do-Check-Act) cycle.
4. Raise individual awareness and responsiveness to risks through information sharing and training, eliminating lack of knowledge.
5. Foster a sense of ownership in risk management and promote team-based efforts to ensure participation by all members.
Business risks
The main risks recognized that could have a material impact on Toyobo Group's operating results and financial position are as listed below. The list does not include all the risks related to Toyobo Group.
Forward-looking statements were determined by the Group as of fiscal 2024-end.
< Incurred or highly probable risks >
- (1)
- Occurrence of disasters, accidents, and infections
- (2)
- Worsening of political and economic situations
- (3)
- Legal proceedings and other matters
< Medium- to long-term risks >
- (4)
- Purchase of raw materials
- (5)
- Product defects
- (6)
- Securing of human resources
- (7)
- Climate change
- (8)
- Environmental burden
- (9)
- Information security
- (10)
- Laws, regulations and compliance
- (11)
- Overseas business activities
< Financial risks >
- (12)
- Large forex movement
- (13)
- Large rise in interest rates
- (14)
- Sharp drop in share prices
- (15)
- Impairment loss of fixed assets
Structure
On April 1, 2021, Toyobo Group established the Risk Management Committee chaired by the President for centralized management of risks throughout the Group. The committee comprises executive officers of the business divisions and corporate departments as well as heads of risk-related departments, and members nominated by the chair. It convenes twice a year, every six months.
The committee discusses and deliberates on significant risks that may impact the entire Toyobo Group, as well as major issues that require management decisions, with the aim of ensuring comprehensive understanding and strategic management and response. It formulates and monitors the direction and plans for specific risk management initiatives, verifies responses during emergencies, and examines countermeasures for emerging issues, thereby working to strengthen the overall risk management framework.
Management structures
Initiatives
As part of our management policy, we seek to be a company that is able to grow sustainably by shifting from the survival-based thinking of the past to a sustainable growth orientation. We establish self-directed management activities appropriate to business areas and roles, assess company-wide risks and work toward their prevention and early detection, and, united as a Group, will build a system to advance measures for preventing recurrence of risks.
As a starting point for these activities, we conducted an assessment of company-wide risks. We identified serious risks from the results of evaluations in terms of the two axes of severity of impact and likelihood of occurrence, and monitor these risks regularly.
Major risks defined by the Group include those related to quality, safety and security disaster prevention, and legal compliance. In the Major Risks Survey of the Group companies, which was continuously conducted from FY2023 to the end of the first half of FY2025, we ascertained the status of risk responses at each company through dialogue based on possible risk scenarios. As a result of the risk assessment including overseas bases, we confirmed that there were no risks, including legal compliance risks, that would make it difficult for the Group to continue its business.
For risk items that require measures based on common frameworks, such as cybersecurity response and virus infection prevention, we collaborated with departments managing risk management to implement uniform risk measures, regardless of domestic or overseas locations. However, for risk items requiring regulatory compliance measures, we have recognized that each Group company is taking independent risk measures in their operating regions.
Any detected items that are common across the Group and that require attention are reported to the Risk Management Committee. Group-wide risk reduction activities are undertaken in collaboration with the departments managing risk management, business divisions, and Group companies.
Data security, privacy
- Related ESG :
- S G
Policy and approach
Today, as significance of information increasingly grows, how a company utilizes necessary information, advances development of products and technologies, and develops businesses in line with the times is a crucial factor in the company's survival.
The improper management of information can also have severe repercussions to a company from legal and social standpoints. As stated in our TOYOBO Group Charter of Corporate Behavior, our Group must properly manage information and prevent problems involving information security from occurring if we are to contribute to society and remain a company that earns people's trust.
Restated, it is necessary that every one of our officers and employees recognizes the importance of information security and the information assets that are the key to corporate survival, and, while effectively utilizing our information assets throughout the organization, maintains and secures the confidentiality, integrity, and availability of those information assets. Based on this thinking, our Group has declared our basic policies as follows:
< Information security policy (theme excerpts only) >
- 1. Management system
We will establish an information security management system with responsible executives placed at top, and will strive for proper management in line with the importance of and risks to information. - 2. Legal compliance and internal regulations
We will establish internal rules in accordance with information security-related laws and ordinances, countries' national guidelines, and other social norms, and will take strict action against violators of these rules. - 3. Education and training
We will conduct education and training for our employees on an ongoing basis to ensure that information assets are used properly, and will work to enforce compliance with rules. - 4. Operation of information systems
We will enact appropriate measures and endeavor to operate information systems stably to prevent unauthorized intrusion and the leak, falsification, loss, theft, destruction, obstruction of use, etc. of information assets. - 5. Handling of incidents
In the event of a problem involving information security, we will enact measures to minimize the damage, promptly investigate the cause, and strive to prevent recurrence.
Structure
Our Group has established the TOYOBO-CSIRT, led by a CISO appointed by top management, as an organization to promote information security measures and activities. TOYOBO-CSIRT assesses the status of information security across the company, formulates basic policies, maintains management systems, and implements and supervises specific measures.
To advance measures based on the decisions of TOYOBO-CSIRT, we have established a front-line operations team. We also convene TOYOBO-CSIRT on a regular basis to evaluate risk countermeasures, each time also reporting on activities related to information security.
By expanding the activities of TOYOBO-CSIRT throughout our entire Group, we will work to instill understanding of information security and enforce the protection of information assets, creating a state across the Group in which data, security, and privacy are secured and trusted.
Our Toyobo Transformation and Business Innovation Department, which has acquired ISO 27001* certification, undergoes a yearly external audit based on ISO 27001 to confirm proper operation of information security management. The Department conducts on-duty management at five business sites of the company (the head office, Research Center, Tsuruga Research and Production Center, Iwakuni Production Center, Inuyama Plant: 50% of all business sites), and also performs comprehensive management of other business sites through the Department's management system.
- An international standard for information security management systems
Toyobo Group information security management structure
We assign a person responsible for information security to each department and built a company-wide information management system to ensure the required information security level.
Targets and indicators
< Targets >
Toyobo Group establishes a structure to ensure cyber security as well as deepening employee understanding of information security and thoroughly ensuring protection of information.
< Indicators and results >
| Initiatives | Indicators | Targets (FY2025) | Results (FY2025) |
|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
- The scope covers TOYOBO CO., LTD., its subsidiaries, as well as affiliates accounted for by the equity method and over which Toyobo has significant influence.
Initiatives
Protection of personal information
Awareness of the protection of personal information is increasing worldwide. Toyobo Group has established internal regulations and ensures their dissemination to comply with personal data protection laws in various countries, including the Act on the Protection of Personal Information in Japan, the General Data Protection Regulation (GDPR) in the European Union, and the Personal Information Protection Law in China. These internal regulations are reviewed and updated as necessary.
We will continue to strengthen our systems for protection of the personal information of customers, our business associates, shareholders, and employees.
Promotion of digitalization
Digitalization is advancing rapidly with the development of IT. Amid this change, Toyobo Group is advancing the construction of an IT system infrastructure that encompasses the entire value chain and is tackling the transformation of our business style and the creation of new solutions, making full use of digital technologies. By doing so, we seek to not only improve the efficiency of work but also strengthen our provision of value to society and to customers.
Additionally, we have promoted the digitalization of business by actively incorporating IT in our operations, including streamlining sales activities through IT tools, using IT to enhance manufacturing control, and enhancing the efficiency of intellectual property management through AI.
The IT and DX Planning Department, established in fiscal 2024 and reorganized into the Toyobo Transformation and Business Innovation Department from fiscal 2026, received recognition in February 2024 as a*1 for meeting the certification criteria set by the Ministry of Economy, Trade and Industry (METI) regarding DX promotion initiatives within Toyobo Group. Additionally, in December 2024, the division won the IT Award*2 for the first time, in recognition of its organizational restructuring and efforts in IT talent development, aimed at expanding business through DX promotion.
The Transformation and Business Innovation Department serves as a bridge connecting digital and business. It has begun various initiatives to drive organizational and business transformation across the entire Company and its businesses. Going forward, the entire Company will collaborate even more closely to expand the scope and utilization of digitalization.
- This system is certified by the government under the Digital Governance Code compiled by METI. It recognizes companies that promote initiatives such as formulating visions and establishing systems for achieving DX, based on the Act on Facilitation of Information Processing.
- The IT Award is presented by the Japan Institute of Information Technology, a public interest incorporated association, to companies and organizations in Japan’s industrial sector that have made outstanding achievements in management innovation through the effective use of IT.
Education and awareness-raising activities
As a part of our education and awareness-raising activities, we deliver the “Cyber Security Communication” newsletter every month to all employees of Toyobo Group in Japan and overseas. We also conduct testing of security comprehension twice a year to let employees self-check and reflect on their understanding of our education and awareness-raising activities.
Information security measures
Cyber attacks are intensifying year by year, often targeting overseas sites and Group companies. In response, we are working to raise the information security measures of our domestic and overseas affiliates to the same level as that of our headquarters, and to strengthen information security across the Group.
Specific measures include communication of policies and regulations and support for their improvement, support for the introduction of education for employees and managers, implementation of targeted email attack drills, deployment and inspection of IT reinforcement measures, and continuous strengthening of our contact system for security and incident response.
We conduct biannual targeted email attack drills, varying the level of difficulty and subject matter each time, for all employees of Toyobo Group in Japan and overseas. To ensure the safety of customer information and our internal information, including confidential information, we continually assess new threats and take appropriate countermeasures, including strengthened monitoring of both IT and OT*, patching of vulnerabilities, and prevention of unauthorized intrusions.
In addition, to promote and accelerate business innovation through digital transformation and to enable the effective use of data across Group companies and external partners, we are developing an IT infrastructure that allows users to access systems securely from any location.
- IT (Information Technology), OT (Operational Technology)
Protection of information in outsourcing
When outsourcing information assets containing confidential information, the Company has established outsourcing management rules for the following procedures: (1) evaluation and contracting of outsourcing partners; (2) monitoring of operations after the contract has been concluded; and (3) handling of information assets after the contract has been terminated.
When newly implementing operations to be outsourced (hereinafter referred to as “specified operations”), the department outsourcing the specified operations evaluates whether or not the candidate companies conform to outsourcer evaluation criteria in accordance with these rules. After the selection, the department submits the outsourcer evaluation results to the head of the information security department for approval. In addition, it is also stipulated that the implementation status of specified operations is to be regularly evaluated by the head of the information security department.
Outsourcer evaluation criteria are clearly stated in the Information Security Policy.
Initiative participation
Under the idea that we must address cyber attacks not only in our Group companies and supply chains but across society as a whole, we engage in active information sharing in cooperation with the JPCERT Coordination Center and the Nippon CSIRT Association.
Business continuity management (BCM)
Policy and approach
Business Continuity Management (BCM) within our Group is based on our corporate philosophy of "Jun-Ri-Soku-Yu" (Adhering to reason leads to prosperity). It is designed to support the Group’s sustainable growth by recognizing potential threats to our organization and their impact and responding effectively when disruptions occur. In practicing BCM, we prioritize the protection of human life, work to prevent secondary damage, and aim for a swift recovery to fulfill our social responsibilities and support the business continuity of our customers and partners through effective response measures.
Business continuity plan (BCP)
Policy and approach
Toyobo Group prioritizes the safety of employees and their families above all else and is committed to balancing the fulfillment of our supply responsibilities as a manufacturer with harmonious coexistence with the local environment and society. By detecting emergencies at an early stage and responding swiftly with necessary actions, we work collectively across the organization to minimize damage and achieve rapid recovery.
Structure
Under the Risk Management Committee, we have established a BCM Subcommittee composed of members selected from each department to promote BCM across the Group. This subcommittee leads the formulation of Business Continuity Plans (BCPs), training, and drills within each department. It also serves as the contact point for gathering and disseminating information and coordinating necessary actions to ensure business continuity in the event of major emergencies such as large-scale earthquakes. When an emergency occurs or is anticipated, a Companywide BCP Task Force is established to quickly bring the situation under control through prompt and effective action.
Initiatives
In fiscal 2025, we formulated the TOYOBO Group Business Continuity Plan (BCP) Guidelines to address the potential impact of a major earthquake (seismic intensity of upper 5 or higher), with a focus on a possible Nankai Trough Earthquake. These guidelines define procedures for assessing damage, communication systems, the designation of command personnel, recovery structures and roles, and task prioritization. We are also working to identify and manage risks across the entire supply chain. Building on this, we strive to diversify procurement sources across multiple countries and regions, and collaborate with logistics partners to establish alternative transport methods and routes. Moving forward, we will continue to regularly conduct employee training and drills to raise awareness and enhance the organization’s capacity to respond effectively and ensure business continuity.