Risk Management

Risk Management Basic Approach

The IBIDEN Group enables business continuity by analyzing various risks surrounding management, accurately handling losses of business resources that have a great negative impact on the ease of our business operations, ensuring the safety of our shareholders, customers, officers and employees, and reducing and preventing losses of business resources.

Action Plan

  1. We devote efforts to maintaining the safety and health of employees and business partners and to conserving operating resources.
  2. We conduct ourselves so as not to impinge upon the safety, health, or profits of our shareholders, customers, and local and international society.
  3. In cases where risk is manifested, we work to achieve prompt response and recovery through responsible action.
  4. We reflect social demands related to risk in our risk management.
  5. We provide required information in order to avoid or reduce possible damage caused by misunderstanding and a lack of understanding.

Structure for Advancing Risk Management

Based on the resolution of the Board of Directors, the Group has established "Risk Management Regulations" to create a risk management structure and its management process. We also created the "Risk Management Company-wide Promotional Committee", which is tasked with improving risk management. The Committee is responsible for considering and deciding on general risk management issues. It also examines and reports the progress of actions to address major risks.

Advancing Risk Management

Based on its basic policy and Risk Management Regulations, the Group is actively developing risk management promotion activities by, for example, setting up a department responsible for each risk category, strengthening the accountability structure, and offering seminars and workshops geared toward officers and employees. These risk-management promotion activities are conducted by the Division Manager in Charge of Risk Management appointed by the Executive Officer in charge, and reported to the Risk Management Company-Wide Promotion Committee (Secretariat: Risk Management sections) chaired by the president & CEO.
The Executive Officer in charge of Risk Management reports the status of risk management activities to the Board of Directors once a year, and is subject to the Board's supervision as well as its confirmation of the effectiveness of the activity programs as a whole.
Should the internal audit or other mechanisms discover business actions that may create a risk of loss, the Executive Officer in charge of Risk Management is immediately tasked with understanding the details of the risk and the scope of its potential loss. He then gives instructions on swift and systematic measures and attempts to prevent the loss from occurring. Furthermore, in case of a large-scale accident or a disaster, he immediately sets up a headquarters to thoroughly understand the situation, implement first responses, and prevent further loss so as to minimize the damage.


【Diagram of a system of advancing risk management】

Risk Assessment and Addressing Risks

The Group undertakes risk management activities so that we may continue to reliably conduct our business operations. We regularly detect and assess risks to reduce risks in important areas: operational divisions are working on the risks related to strengthening our business competitive edge, while functional divisions are addressing the risks bringing serious repercussions to the Company's business. These risk management activities are implemented in conjunction with the policy management of each Division. Each Division uses a risk control matrix to identify, analyze and assess the risks that may materialize in daily operations and the degree of impact thereof, and checks whether risk reduction activities are taken.
Domestic and overseas Group Companies have introduced a regular biweekly risk information reporting mechanism. We strive to reduce risks to the entire Group by establishing a framework for checking the materialization of financial risks and other risks related to management, laws and regulations, personnel, and environment/health and safety, as well as how they are being addressed, and reporting the necessary information to management. Material cases are reported to the Board of Directors in a timely and appropriate manner.

Business Continuity Plan

Measures Taken against the Spread of New Infectious Disease

In preparation for the spread of infectious diseases, we have built a system to maintain a business continuity level essential for company survival, by formulating guidelines and response procedures, and by setting up a task force on infectious disease outbreaks in order to minimize the impact on employees and the local community. As preparation in ordinary times, we have shared information on our intranet, taken hygiene measures to prevent infection, and formulated necessary rules. As measures to combat the spread of the pandemic, the task force has centrally managed information such as the occurrence of infection in each area, the impacts of the infection, and relevant restrictions. We are thus striving to operate our businesses while minimizing the risk of infection, through measures such as changing the work systems depending on the relevant restrictions and the spread of infection.

Natural Disaster Preparedness

We regard the occurrence of large-scale natural disasters, such as earthquakes or floods, in areas where our plants are located as an important risk theme, and we are taking measures to prepare for such disasters. As for measures to be taken when disasters such as earthquakes occur, we believe that lifesaving comes first, followed by the early supply of products to customers. With regard to concrete risk themes in the event of a natural disaster, including confirmation of the safety of employees, supply of materials by suppliers, equipment failure and occurrence of utility problems, we are building a response system, mainly led by the divisions that cope with such risks. In fact, based on a damage scenario assuming the occurrence of a Nankai Trough Megathrust Earthquake which may affect our plants and domestic affiliated companies, we have already advanced disaster mitigation measures, such as ceiling fall prevention, hazardous liquid medicine leak prevention, and equipment fall prevention.

Information Security Measures

Information concerning the operation, technologies and management of the Company is a valuable asset, and for a technology-development-oriented company like us, proper management of information including confidential information of customers and suppliers and prevention of leakage are important issues and responsibilities.
We have established a framework for information security promotion to block illegal access, etc. from the outside, and laid down a basic policy for proper use and custody of the information assets we own such as trade secrets, personal information and IT security environment under the "Regulations for Information Management." To improve the protection and utilization of information, we have kept all employees well-informed through the IT Promotion Committee and relevant education, as well as by raising awareness through the intranet. We also carry out emergency response drills against cyberattacks, etc. to enhance security awareness. In addition, having defined the reporting procedure in the event of an employee detecting an abnormality while using IT equipment, we put in place a system for promptly addressing such abnormality. In terms of the Company's IT infrastructure, we conduct analyses of security vulnerability, such as unauthorized access and information leakage, thereby strengthening our response to and countermeasures against risks on a continual basis. To prepare for contingencies such as equipment becoming inoperable due to external attacks by viruses, we carry out server recovery drills and revise our IT infrastructure recovery manual on a regular basis. Our data center, which houses the servers and IT devices we use, has obtained ISO 27001 certification. The external penetration test* conducted in FY2022 did not find any risks that would immediately lead to serious damage or any vulnerabilities that could be abused.
From the perspective of personal information, we have established internal regulations and a personal information protection policy, and have established the necessary procedures for collection, management, and use of personal information. The protection of personal information is clearly stated in the "Standards for Employee Behavior" and "Supplier CSR Guidelines" for individual employees and suppliers, and we require them to take appropriate actions through awareness-raising activities and education. Recently, falsification of data has become a social problem. Against this background, we introduced a data integrity audit, and are working to prevent falsification and incorrect handling of data for provision to customers. In FY2022, no information leaks that could affect our business activities were confirmed.

* A testing method that looks for any security vulnerabilities in systems connected to the network by trying to enter the system through methods and technologies often used by attackers from outside with malicious intent.