Basic Policy for Risk Management
Sumitomo Electric has established the Risk Management Committee, which is chaired by the President, and promotes measures that mitigate the various risks associated with our business activities, such as risks related to safety, disaster, quality and environment. The Risk Management Office serves as the organizer. If risks come to the surface, a crisis management system will be formed promptly and appropriately based on the Basic Policy of Risk Management.
Basic Policy of Risk Management
Risk management is performed based on the significance of the risks determined in consideration of the following issues:
Impact on business performance, maintenance of quality and safety
Social responsibility to ensure stable supply
Maintenance of favorable relations with stakeholders such as customers, suppliers, shareholders/investors, local communities and employees
Continuous compliance with laws and corporate ethics
Statements in the Sumitomo Spirit, the Sumitomo Electric Group Corporate Principles and the Sumitomo Electric Group Charter of Corporate Behavior
Risk Management System
Identifying and Addressing Major Risks
Risk Management Activities
In accordance with the risk categories below, Sumitomo Electric takes inventory of risks in each unit and affiliate every year and promotes planning and implementation of measures to address significant risks and insufficiently controlled risks. Thus, Sumitomo Electric is following risk management procedures consistently to raise the group-wide risk management level.
Risks to our Group are classified as follows in our risk reduction initiatives.
|Major category||Middle category||Minor category|
|Externally generated risk||Non-financial risk||
Disaster risk, crime risk
Political and country risks, etc.
Market risk; e.g. interest rate, exchange rate and material prices
Liquidity risk, etc.
|Internally generated risk||Strategic risk||
Competitive strategy risk, etc.
Product quality and safety risks
Occupational hazards, facility accident and safety risks
Labor, human rights and personal information risks
Financial information credibility and asset protection risks
Information and communication system risks
Intellectual property rights risk
Reputation risk, etc.
As part of the Company's risk management efforts, Sumitomo Electric developed business continuity plans (BCPs) in fiscal 2007 to ensure that our business activities can be continued even in the event of an emergency, such as an earthquake, influenza pandemic or fire, and that we can resume operations at the earliest possible time. Furthermore, we promote business continuity management (BCM) to keep the BCPs updated and provide employees with practical training, thereby preparing them to respond to emergencies.
The Sumitomo Electric Group enhances disaster awareness of employees by implementing joint emergency drills twice a year (in the daytime and at night). These are evacuation drills, including confirming the safety of employees and simulating the initial response to emergency situations. Besides these drills, we are expanding the communications equipment available (introducing satellite mobile phones and digital walkie-talkies), reviewing measures to prevent disasters and preparing for situations in which it is difficult for employees to return home.
In terms of information security, Sumitomo Electric considers in-house information systems, as well as all information handled by such systems, to be important assets. In October 2003, the Company formulated the Information Security Policy, which declares that the Company will appropriately protect and manage such assets. The Company also strives to continuously improve the information security management system, by establishing security measure standards, including information leakage countermeasures and risk management measures.
Information Security Policy
As a part of the Sumitomo Electric Industries Group, based on its management concept, we aim to be a company that is trusted at all times, and shall make the following efforts for information security in order to contribute to making a safe and secure society and environment.
Provide excellent products and services with sufficient consideration for information security and respond to the customer’s requests
Securely protect information received from customers and business partners
Securely protect the company’s information assets required in manufacturing and office work
Strive for constant growth by nurturing information security human resources and conducting continuous employee training
Revised in October 2016
Strengthening of Our Information Security Management System
Moreover, conscious that we have a social responsibility to maintain a high level of security in our products, in October 2016 we launched the “SEI-CSIRT Office” as a means of further strengthening information security management to encompass our products and production equipment.
The company also provides education on information security for all employees every year to ensure observance of the rules. Our conventional efforts to strengthen information security include encryption of the hard drives of laptop computers, provision of a safe and secure file transfer service and restrictions on data storage on portable electronic media. Our efforts are not limited to administrative operations. To improve security in our production equipment, we limit the devices that can be connected to equipment and have stepped up measures to combat viruses, while in the area of products and services, we are tackling vulnerabilities, developing secure products, and so on.
Personal Information Protection
In accordance with its Personal Information Protection Policy, Personal Information Protection Rules and other rules, Sumitomo Electric properly deals with the personal information of customers, business partners and employees handled in the course of its business while complying with laws, regulations and other standards relating to the protection and use of personal information. We also formulated the rules for handling specified personal information in November 2015 to ensure that such information is handled properly in accordance with laws and regulations and to prevent leakage and other problems. In addition, we revised the aforementioned policy and rules in May 2017 in response to the full implementation of the amended Act on the Protection of Personal Information. We have also newly developed the EEA Residents Personal Data Handling Rules in response to the enforcement of the EU General Data Protection Regulation (GDPR) in May 2018 to properly protect the personal data of EEA residents as specified by GDPR. Contract procedures to smoothly share personal data of EEA residents in our group have also been completed. Furthermore, we have put in place a system to promptly report any leak, loss, damage or other infringement of personal data of EEA residents to the supervising agency in the EEA.
Security Trade Control
Sumitomo Electric has set forth internal rules on security trade control to ensure compliance with export control regulations aimed at international security, and established an export control system headed by a representative director.
Our export activities are conducted after proper screening of individual business transactions and after obtaining the necessary export licenses, such as a comprehensive export license.
Our employees and persons concerned are provided with position-based training, as well as periodical training, which deals with the latest cases, and training at the time of their appointment to the position, so that they are aware of their responsibility for security trade control and obtain the necessary knowledge.
We also conduct audits in the Company and its affiliates in Japan and overseas constantly to monitor export activities, and share information between different divisions within the Company and between affiliates through various committees to reduce the risks in the security trade control activities of the entire group.
Intellectual Property Protection
Sumitomo Electric develops and manufactures various products based on its unique technologies. Proper protection and management of those products based on intellectual property rights (IPRs) is an important issue for our business management. Therefore, while promoting technical development, we are actively committed to the appropriate management of technical know-how and internal data as well as acquisition and use of IPRs such as patent rights and design rights. At the same time, we pay scrupulous attention and respect to the IPRs of other companies.
To this end, we have developed a rule on handling of trade secrets and intellectual property, and established an organization in the Intellectual Property Department to provide business units and R&D units, including those in our subsidiaries, with necessary support, such as management of inventions, investigation of prior art and IPRs of other companies, promotion of technology standardization activities and formulation of strategy and response from the perspective of intellectual property-related laws and regulations. Actual intellectual property activities, including their planning and implementation, verification of the progress and results and correction of any inappropriate points, are promoted based on the PDCA (plan-do-check-act) cycle through concerted efforts among respective divisions, R&D units and the Intellectual Property Department in the IP strategy meeting, which is led by strategic IP committee members of the divisions and responsible persons in the Intellectual Property Department.
To improve the IP activities of our Group as a whole, we continue to organize IP training sessions that match the experience and level of proficiency of each employee (10 courses in a year) and publish in-house newsletters such as "IP news" and "Standardization activity news." We also hold an Intellectual Property Right and Standardization Convention every year as a company-wide event to commend outstanding IP activities.