Approach to risk management
As well as establishing a “Risk Management Basic Policy” that outlines our fundamental stance on risk management activities, the Toyobo group identifies the various types of risk that could pose a threat across the entire range of our business activities, and manages each risk appropriately according to its characteristics. In an emergency, we immediately set up a task force under the instruction of the relevant corporate officer, and bring the crisis under control through a swift response. By putting these systems in place and conducting these initiatives, we work hard to earn the trust of our customers, the local community, and our shareholders and other stakeholders.
< Basic Policy on Business Risk >
To pursue growth, keep taking on challenges, and prevent damage to corporate value, the basic policy on risk management is prescribed as follows.
1. Social responsibility
To practice Jun-Ri, meeting expectations of society
To practice Soku-Yu (adhering to reason), raising the sustainable growth of the Toyobo group while contributing to social sustainability
3. Responsibility of management staff to the employees and employee responsibility*
Management staff creates a work environment where the employees can work safely, and the employees protect corporate value as their responsibility.
* All employees should take the lead to create an environment where they can work with peace of mind. However, to explicitly show to external stakeholders the principle that management staff should bear the primary responsibility for improving the workplace environment, we clarify the word "management" as the subject.
The main risks recognized that could have a material impact on the Toyobo group's operating results and financial position are as listed below. The list does not include all the risks related to the Toyobo group.
Forward-looking statements were determined by the group as of fiscal 2022-end.
< Incurred or highly probable risks >
- Occurrence of disasters, accidents, and infections
- Further worsening of political and economic situations
- Inappropriate behavior or similar in details of third-party certification registration
< Medium- to long-term risks >
- Purchase of raw materials
- Product defects
- Securing of human resources
- Climate change
- Environmental burden
- Information security
- Laws, regulations and compliance
- Overseas business activities
< Financial risks >
- Large forex movement
- Large rise in interest rates
- Sharp drop in share prices
- Impairment loss of fixed assets
Risk management structure
On April 1, 2021, Toyobo group established a Risk Management Committee headed by the President for centralized management of risks throughout the group. The committee comprises members of the Board of Corporate Executive Officers and Controlling Supervisors as well as members nominated by the chair, and in fiscal 2022, its first year of establishment, it convened four times.
This Risk Management Committee brings together risk management activities (identification, analysis, evaluation, and response), as well as formulating risk management policies for the group as a whole. It is working to strengthen our risk management structure by aiming to build effective and sustainable organizations and approaches.
In fiscal 2022, we began to operate the structure that we had designed and to promote activities aimed at reducing risks. We also started working to achieve company-level risk management and develop reduction activities targeting specific risks.
As a starting-point for these activities, we implemented assessment of company-wide risks. Based on a variety of risk scenarios, we performed assessment in terms of the two axes of the severity of impact and the likelihood of a risk occurring, and the results of this assessment were used to identify major company-wide risks that we need to pay particular attention to. Going forward, we will implement periodic monitoring activities in relation to these risks.
As part of our management operations, in order to build a company-wide structure to identify risks throughout the company, prevent their occurrence and ensure early detection, and also put in place measures to prevent reoccurrence, we are realizing the sustained implementation of self-directed risk management activities appropriate to particular business areas and roles.
Management Structures and Processes
Data security, privacy
- Related ESG: S, G
Approach to data security and privacy
Amid the accelerating digitalization of society and the growing importance of information, the key to corporate survival will lie in continuing to create value that contributes to society and the environment by leveraging the necessary information to promote development of products and technologies.
On the other hand, inappropriate handling of information causes significant damage and impact. This includes loss of sales opportunities due to leakage of confidential information and information system outages, and legal and social sanctions as well as loss of corporate brand prestige due to leakage of personal and customer information.
The Toyobo group drew up the “Information Security Policy” to ensure the group's correct and safe handling of information and sustainable growth as well as its continuation as a trusted company and strives to appropriately manage and utilize all information assets.
In fiscal 2022, we worked to familiarize employees with the basic rules, for example by disseminating a video explaining the Information Security Policy, and guidelines and training videos for managers and information system users.
Toyobo Information System Create Co., Ltd., one of our group companies, has obtained ISO 27001* certification, and undergoes an external audit based on ISO 27001 on an annual basis to ensure that information security management is being properly implemented. Toyobo Information System Create Co., Ltd. has been commissioned to assign personnel to perform information system management at five Toyobo business sites (head office, the Research Center, the Tsuruga Research and Production Center, the Iwakuni Production Center, and the Inuyama Plant; these five sites represent half of all Toyobo business sites in Japan), and also provides comprehensive management at other business sites using Toyobo Information System Create's management system.
* One of the international standards related to information security management systems
< Information Security Policy (theme excerpts only) >
- Organizational measures
- Employee-focused measures
- Information asset management
- Handling of personal information
- Access restrictions and authentication
- Physical measures
- Use of IT tools
- Introduction and operation of IT infrastructure
- Outsourced management
- Incident response
In fiscal 2019, the Toyobo group set up a “Cyber Security Committee” as a subordinate organization of the Information Committee to promote our information security measures. The Cyber Security Committee keeps track of the status of company-wide information security, formulates the basic policy, maintains a management system, and implements and supervises each measure.
Each team is set up as a working unit to promote measures based on the committee's decisions. At the regularly held meetings of the Cyber Security Committee, risk countermeasures are evaluated and information security activities are reported each time.
The problem of cyber-attacks has been getting steadily more serious over the past few years, and Toyobo's overseas business sites and group companies have become targets on many occasions. With this in mind, we have been working to bring the information security measures of our affiliate companies, both in Japan and overseas, up to the same level as Toyobo, aiming to strengthen information security throughout the Toyobo group as a whole. As specific measures, we will disseminate and support the maintenance of policies and rules, support the introduction of training for employees and managers, conduct training on targeted e-mail attacks, deploy and inspect IT enhancement measures, and create a security incident response system. In addition, by expanding the activities of the Cyber Security Committee to the entire group, we will spread understanding of information security and ensure the protection of information assets, and create a state in which “data security and privacy” are ensured and trusted throughout the group.
Toyobo Group Information Security Management Structure
We assign a person responsible for information security to each department and have built a company-wide information management system to ensure the required information security level.
Targets and KPIs
< Targets >
The Toyobo group establishes a structure to ensure cyber security as well as deepening employee understanding of information security and thoroughly ensuring protection of information.
< KPIs and Results >
|Initiatives||KPIs||Targets (FY2022)||Results (FY2022)|
- Scope is TOYOBO CO., LTD., TOYOBO STC CO., LTD., and TOYOBO INFORMATION SYSTEM CREATE CO., LTD.
Scope is consolidated subsidiaries (determined while monitoring situation)
Specific measures aimed at consolidated subsidiaries
- Application of Information Security Policy
- Rollout of measures to strengthen OA/FA
Response to European Union's General Data Protection Regulation
With regard to the European Union's General Data Protection Regulation (GDPR), we have instructed our group companies in the EU (in Germany, Spain and Slovakia) to formulate standards and implement training.
The development of IT is accelerating the evolution of the digital society. Responding to this change, the Toyobo group is developing an IT system infrastructure that encompasses the entire value chain, and we are transforming our way of business and creating new solutions, making full use of digital technologies. As well as improving business efficiency, we aim to enhance the value we provide to society and our customers.
The Toyobo group has promoted digitalization by actively incorporating IT in our operations. This includes streamlining sales activities using a variety of IT tools, enhancing manufacturing controls with the aid of IT, and more efficiently managing intellectual property through the use of AI.
In April 2020, we established a dedicated Digital Strategy Department to promote such activities on a company-wide basis. In accordance with our road map to 2024, we will strengthen the group's internal IT system infrastructure and push forward with digital transformation.
The IT and DX Planning Department has become a “bridge” that connects digital and business, and has begun initiatives to implement organizational and business transformation across the entire company and within each business. In the future, the whole company will work together to increase the scope and degree of digital utilization.
Status of major digitalization measures
- Conducted company-wide awareness-raising activities for in-house DX transformation.
- Promoted business transformation by digitalizing each business, operation, and base.
- Sales (visualization of sales activities) / marketing automation
- Utilization of MI (Materials Informatics) in R&D field
- Smart factory in production and quality field, predictive detection, construction of infrastructure for quality data
- Planned and implemented the migration of legacy system adapted to DX transformation
- Developed DX human resources and strengthened promotion structure
Education and awareness-raising activities
As a part of our education and awareness-raising activities, we conduct biannual targeted email attack drills with differing levels of difficulty and subjects for all employees at Toyobo, Toyobo STC and Toyobo Information System Create.
We also carry out security comprehension testing twice a year in order that employees can self-check and reflect on their understanding of our education and awareness-raising activities. In FY2021, a training video on the theme of information security was created in conjunction with Compliance Enhancement Month, and training was provided to the management level and disseminated at each workplace.
So that customer information as well as internal corporate information, including confidential information, is kept secure, we take all appropriate measures such as keeping apprised of the latest threats, strengthening monitoring of office automation and factory automation, fixing vulnerabilities, and preventing unauthorized access.
Protection of information in outsourcing
When outsourcing information assets containing confidential information, the company has established outsourcing management rules for the following procedures: (1) evaluation and contracting of outsourcing partners; (2) monitoring of operations after the contract has been concluded; and (3) handling of information assets after the contract has been terminated.
When newly implementing operations to be outsourced (hereinafter referred to as "specified operations"), the department outsourcing the specified operations evaluates whether or not the candidate companies conform to the "outsourcer evaluation criteria" in accordance with these rules. After the selection, the department submits the "outsourcer evaluation results" to the head of the information security department for approval. In addition, it is also stipulated that the implementation status of specified operations is to be regularly evaluated by the head of the information security department.
The “outsourcer evaluation criteria” are clearly stated in the “Information Security Policy”.
Business Continuity Plan (BCP)
BCP approach and policy
The Toyobo group has drawn up a BCP focused on combining both “fulfillment of our responsibility to supply products as a manufacturer” and “coexistence with the global environment and society,” and we make continual improvements. The BCP clarifies the chronological sequence of the roles and functions of each department from when a crisis occurs, through to its resolution. It also contains specific details of preparations during normal times.
At Toyobo, the nine sub-committees established under the auspices of the Sustainability Committee headed by the President as chair identify and verify the risk factors relevant to each sub-committee. In an emergency situation, we immediately set up a task force under the instruction of the relevant corporate officer, and bring the crisis under control through a swift response.
We are studying the function of risk management in particular among the functions of the Sustainability Committee in order to develop and establish a risk management structure that manages and responds to risk and have put in place a structure that keeps damage to a minimum in any situation, thereby facilitating business continuity.
Response to COVID-19
In our response to infectious diseases, the Toyobo group's top priority is the safety and well-being of our employees and their families, with the primary goal of protecting both society and the company, which we believe leads to business continuity.
When the new coronavirus infection (COVID-19) pandemic began in early 2020, there were initially some concerns about supply and delays in logistics. However, we swiftly collected supply chain information and promoted measures such as utilization of alternative products and routes to keep damage to a minimum. COVID-19 has sent shock waves through society, and we are forced to reformulate our society in the era of living with COVID-19 and after COVID-19. The Toyobo group will increase crisis resilience and strengthen business continuity through the activities of the Sustainability Committee and the sub-committees under its auspices.
< Ensuring employee safety >
- Encouraged home-based working and staggered working hours
- Ensured that the attendance rate is below 30% during the period of semi-emergency (coronavirus) spread prevention measures
- Implemented robust infection prevention and control measures
< Maintaining continuity of plants and production activities >
- Operation under BCP procedures
- Flexible inventory and production adjustments
Response to natural disasters, etc.
In recent years, various areas have experienced significant damage from earthquakes, typhoons and sudden localized rainstorms. We have gained knowledge in the process of responding to these events, and aim to realize even more stable business continuity.
Each of our main business sites has formulated a BCP, which is reviewed at irregular intervals. We recognize that a pressing issue is a company-wide BCP review in light of the recent increasing complexity and diversification of risks.
In terms of our emergency response, we have established an emergency response process in “Risk Management and Disaster Prevention, etc.,” a company-wide regulation, as well as setting out the systems for verifying damage and communication and the people with overall command, and structures and roles for carrying out recovery work. We have also established work procedures for recovery and the order of priority for recovery work after a disaster. In addition, we have introduced a safety confirmation system for employees and their families.
Buildings at our plants and business sites comply with the Act on Promotion of Seismic Retrofitting of Buildings. We also check hazard maps for the locations of our production plants, and each business site has formulated response procedures for the disaster risks (flooding, landslides, etc.). As part of our BCP, we strive to identify and manage risk throughout the supply chain. For procurement, we are looking to procure raw materials from multiple countries and regions, and for logistics, we are establishing alternative transportation means and routes in collaboration with logistics operators.