The Group has defined “Risk Management Rules” and is taking appropriate measures to consider risks from the perspectives of both opportunities and threats in order to maintain and enhance corporate value. In the event that a risk materializes, we are working to construct systems to minimize loss. The Risk Management Committee, which has been established to oversee these systems, determines risk management policies, and in line with these policies, manages risks that impact on the entire Group and require priority response. Additionally, the status of risk management activities is reported regularly to the Board of Directors.
The Group has created a business continuity plan (BCP) to address threats to the continuation of our business, such as natural disasters, outbreaks of infectious diseases, war, or acts of terrorism, and revises the plan as necessary to ensure a stable supply of pharmaceuticals to patients even in the event of such crises. We are also working to create systems that allow us to make decisions promptly and to improve our practical skills. To that end, we operate a platform intended to collect and share information when crises occur, and conduct training for executives and personnel responsible for critical operations that must continue during times of a crisis.
The Company has established an Information Security Office, through which it manages information assets and provides a response to incidents.
Main roles of the Information Security Office
- Implementation, instruction, questions, and recommendations to internal departments for measures related to information management
- Implementation and training related to information management
- Responses to requests from employees regarding information management
- Instructions, advice, requests, internal coordination, and reporting on responses to accidents or violations related to information management
Furthermore, in response to overseas business expansion and the increasing complexity of IT infrastructure, the Group will implement measures to ensure the safe and stable use of information and data communications technologies through surveys on security maturity at overseas bases, and enhancing security checks when using network security and cloud services. We are also taking steps to improve security, including that of our supply chain, by checking our business partner’s security.
In preparation for damage mitigation and early recovery in the event of an incident, we are examining our response system and flow in conformity with the above incident prevention measures.
The leakage of personal information not only harms third parties but could also seriously damage the credibility of the Company and cause irreparable loss.
The Group will comply with GDPR* and other personal information-related laws and regulations and re-examine its rules to strictly manage information in line with the overseas expansion of the Group.
- The EU’s General Data Protection Regulation (GDPR). A new personal information protection framework instituted by the European Parliament, European Council and European Commission.
We are constructing a new network environment with the goal of improving convenience and ensuring security for remote work, which has taken hold as a new way of working.