Risk Management
Risk Management
Basic Approach
The business environment surrounding the Casio Group is changing rapidly. In order to respond quickly to these changes amid increasing uncertainty, Casio must identify signs of risks that may affect the Group’s business on a global scale and take the necessary measures quickly.
Casio pursues risk management under the basic policy to predict risks, implements preventative measures to minimize potential losses, and, if losses are incurred, takes effective follow-up measures to ensure business continuity. In addition, Casio has established the Casio Business Conduct Guidelines, which specifically outline important codes of conduct for executives and employees of the Casio Group in implementing the Casio corporate creed of “Creativity and Contribution” across the company’s businesses. Casio works to ensure that executives and employees comply with laws and regulations and engage in appropriate conduct from an ethical perspective based on the guidelines and strives to foster a culture of integrity.
Internal Control Committee
The Internal Control Committee carries out groupwide management of functions related to internal control, including risk and crisis management, compliance, and information security, to build and supervise an effective, streamlined, and fail-proof risk management structure. At the global level, the Committee takes stock of all types of risks, confirms and supervises the response policies and operational systems related to the Group’s overall internal controls, and deliberates and decides on specific responses to issues that need to be addressed.
In addition, the Committee reports on the status of internal controls to the Board of Directors on a regular basis, and if it discovers any significant deficiencies, it reports to the president and the Board of Directors as needed and discusses responses.
The Internal Control Committee is positioned within the business execution system in order to vigorously promote the purpose of internal controls, which is “appropriate, sound, and efficient management.” By making business operations visible and checking them in terms of appropriateness, soundness, and efficiency in collaboration with the Management Committee, the committee has established a system that can respond to various risks, including compliance-related risks.
Risk Management Structure
All organizations within the Group are working to prevent the materialization of risks by proactively recognizing and assessing risks and taking risk mitigation activities on a daily basis in accordance with the Basic Risk Management Policy/Risk Management Regulations. Under the supervision of the Internal Control Committee, Casio works to visualize and centrally manage the status of group-wide risks and to minimize the impact on the Group’s business, with continuous monitoring by the Board of Directors.
Responding to Important Risks
In order to effectively conduct risk management, we predict various risks that may involve the Casio Group, and conduct global risk surveys to identify the frequency and impact of risks occurring and assess if appropriate measures are taken. In particular, Casio has identified risks including geopolitical risk and information security that affect the Group’s business as important risks, and it is implementing countermeasures.
1) Geopolitical Risk
In the course of engaging in business activities on a global basis, various risks are expected to arise due to the political and economic conditions in each region. Casio prepares appropriate measures to secure the supply chain and ensure the safety of employees after analyzing the level of impact when a risk arises in each aspect of business activities, including procurement, production, logistics, and sales.
2) Information Security
In addition to responding appropriately to the increasing number of information security incidents, Casio is continuously strengthening its information security management level, both in normal times (proactive measures) and in emergency situations (post-incident measures). We have established the Computer Security Incident Response Team (CSIRT) so that take rapid action in the case of an incident. While implementing technical measures within the Group backed mainly by the Information Technology & Engineering Department, we are working on defining rules and conducting education among employees.
Business Continuity Plan (BCP)
In order to respond to emergencies with the resources of the company organization, Casio has created a Crisis Management Manual for securing the safety of all employees, executives, and their families, preserving corporate assets.
Casio is also working to strengthen its business continuity plan (BCP). In the event of a major disaster, Casio establishes a Business Continuity Task Force and conducts an emergency response based on the Business Continuity Manual to continue providing products and services to countries around the world. In doing so, we aim to live up to the trust of our business partners and customers by minimizing damage and quickly restoring business operations.
From the standpoint of corporate responsibility to society and local communities, we also consider contributing to disaster response and recovery efforts, as well as cooperating with national and local government disaster prevention and mitigation measures.
Information System Disaster Response Measures
Casio expanded its remote work system as a measure to control the spread of COVID-19. Meanwhile, it is more important than ever to build system infrastructure for supporting business continuity in natural disasters such as earthquakes, typhoons, and torrential rain. In addition, the stable operation of IT systems for business continuity is also becoming increasingly important with the digital transformation (DX) of business.
In this context, Casio employs a cloud environment and robust external data centers with quake-absorbing structures and in-house power generation as measures for ensuring business continuity. These measures ensure construction and operation of systems that can flexibly and quickly respond to business changes while ensuring the safety and availability of important servers.
Moreover, while ensuring information security, particularly in the communication environment (portal site for employees, e-mail, online meetings, etc.), the company uses external services for BCP measures.
Information Security
Casio strives to appropriately manage and handle all of its information assets, including information that it collects from customers and suppliers. Casio has articulated information protection rules along with its Information Security Rules and implements regular education for employees to continuously raise awareness of information security and ensure the implementation of safety measures. Additionally, Casio has established an organizational structure to ensure compliance with laws and regulations on privacy protection outside Japan, including the EU’s General Data Protection Regulation (GDPR), which covers the handling of personal information of European users. We are also strengthening measures to respond to the increase in cyber-attacks due to recent changes in international circumstances.
Management System
Casio has established an information security implementation system headed by the president, and implements information security measures.
Education and Awareness Raising
Information security cannot rely only on technical measures; it is also important for everyone handling information to know the required safety procedures, and to incorporate them into their work habits. At Casio Computer Co., Ltd., all officers and employees receive regular information security training through e-learning. The employees eligible for this training have been expanded to include those at Group companies in and outside Japan. The training covers general information security, as well as protection of personal information and other compliance matters, based on changes in society and in the company's business environment. Information security is being improved by providing this training content in a timely manner. In 2025, we will provide security training for system administrators and strengthen our measures to address increasingly complex and sophisticated cyberattacks. In addition, to raise daily awareness, we have issued an information security handbook summarizing basic matters in clear, concise content and conduct targeted attack email training to prepare for possible contingencies as part of our training and awareness-building efforts.
Initiatives to Prevent Information Leakage
As an initiative to prevent information leakage, Casio ensures, as an organizational measure, that all employees handling information understand and follow necessary safety procedures. Casio requires employees to apply for permission before taking information or information devices off company premises. We have also established internal rules regarding such matters as limitations on sending emails externally, as well as proper information disposal. Training is provided on these rules in an effort to raise awareness and strengthen measures to prevent information leakage.
As a technical safety measure, Casio is strengthening its ability to monitor unauthorized access to its websites and suspicious transmissions on its internal network, in order to upgrade its preparedness against the recently growing threat of targeted attack emails and other external attacks such as those from malware via phishing emails. Furthermore, accompanying the growth of remote work and the use of cloud services, Casio has deployed a multilayered defense system including the establishment and introduction of a Zero Trust Network that includes security measures for computers used by employees and the abolition of the use of password-protected compressed files, which can become a hotbed of malware infection.
In addition, following the information leak incident that occurred in fiscal 2024, we have added security guidelines for all processes from development to operation, and clarified the standards. In addition, we are strengthening measures in terms of systems and operational structures to ensure the safe use of cloud environments. These initiatives will improve the information security level of the entire organization.
Information Security Certification and Initiatives
Casio has focused on established a system for prioritizing the protection of personal information, publicly disclosed its Privacy Policy on its website, and remains committed to the safe and appropriate handling of personal information. In December 2005, Casio Computer Co., Ltd. obtained Privacy Mark*1 certification and has maintained it since.
Casio’s Information Systems Department obtained information security management system (ISO 27001)*2 certification in November 2007. In February 2023, the certification was renewed, with the scope of certification expanded to include the entire Digital Division (current name: Digital Innovation Headquarters) in response to the further advancement of digitalization.
JQA-IM0536
Scope of application/operations for ISO27001 certification
Digital Division (current name: Digital Innovation Headquarters), Casio Computer Co., Ltd.
Planning, development, maintenance and operation of internal information systems supporting the manufacture, sale and service operations for electronic devices at Casio Computer Co., Ltd. and each group company, and the development, maintenance and operation of network infrastructure for the Casio Group
*1 Privacy Mark: A program where the Japan Information Processing Development Corporation, a public-service foundation, evaluates the adequacy of corporate protective measures related to the handling of personal data. Companies that are found to have adequate protective measures in place are certified and permitted to display the Privacy Mark.
*2 A program whereby a company establishes a system for using, maintaining, and protecting information within the applicable scope (e.g., business, locations) based on international standards for information security management systems, and a certification body conducts audits of the system and issues certifications.
Stable Supply of Products
Approach to Stable Product Supply
Delivering a stable supply of products is one of the most important responsibilities of a manufacturer, and is required to ensure customer satisfaction and loyalty.
Casio aims to optimize the innovation process by leveraging its robust platforms for purchasing and manufacturing technologies. This allows Casio to consistently provide the market with high-quality products at reasonable prices while raising customer satisfaction.
Supply Network Is Highly Responsive to Changes in Demand
The demand/procurement environment is changing drastically this fiscal year due to the impact of COVID-19 and the changing situation in China and Russia. Casio aims to optimize production, sales and inventory, without sticking to previous divisions of rules and systems. Examples of specific activities include early achievement of supply chain reforms and engineering reforms aimed at the post-COVID period.
- Supply chain reform (Optimize production, sales and inventory with the minimum amount of resources and staff)
- Promote automation of operations (reduce steady-state operations)
- Introduce production linked to real demand (PSI linked, inventory reductions)
- Optimize/introduce IT for functions of production and management sites (procurement, manufacturing, logistics)
- Engineering reforms (Raise product value and achieve competitive advantages in QCD)
- Make costs and processes for product planning/development through manufacturing visible and seamless
- Strengthen PLM (raise profitability after commercialization)
- Achieve zero-defect, ultra-low-cost design and manufacture
- Sustainable supply of products
Casio seeks to increase the value of its products by actively adopting components and materials intended to contribute to a sustainable society, such as solar-powered components, renewable materials, and biomass plastics.
Diversifying Production Risk and Producing Core Components In-house
Casio maintains a stable supply of products by having each production site manufacture multiple product items, and by ensuring that two different sites can produce any given Casio product.
The company is also increasing the internal production of components in order to protect newly created technologies and to reduce parts procurement risk.
Production sites for individual products
