Risk Management
Basic Approach
Casio pursues risk management under the basic policy of predicting risks, implementing preventative measures to minimize potential losses, and, if losses are incurred, taking effective follow-up measures to ensure business continuity. In addition, Casio has established the Casio Business Conduct Guidelines, which specifically outline important codes of conduct for executives and employees of the Casio Group in implementing the Casio corporate creed of “Creativity and Contribution” across the company’s businesses. Casio works to ensure that executives and employees comply with laws and regulations and engage in appropriate conduct from an ethical perspective based on the guidelines.
Internal Control Committee
The Internal Control Committee carries out cross-sectional integration of functions related to internal control, including compliance, information security, and risk and crisis management, to realize an effective, streamlined, and fail-proof risk management structure. It also deliberates and makes decisions on policies and responses to issues concerning internal control in general within the Casio Group.
In June 2022, the Internal Control Committee was transitioned from an independent organization to the business execution side of Casio’s corporate structure in order to further promote appropriate, sound, and efficient business operations, which is the purpose of internal control. In cooperation with the Management Meeting, the Internal Control Committee visualizes and checks business operations from the viewpoint of appropriateness, soundness, and efficiency, thereby ensuring the reliability of the system for addressing various risks, including compliance aspects.
Risk Management Structure
The business environment surrounding the Casio Group is changing rapidly. In order to respond promptly to change amid increasing uncertainty, it is necessary to identify the signs of risks that are expected to affect the Group’s business and take the required countermeasures with speed on a global basis. Under the supervision of the Internal Control Committee, Casio works to visualize and centrally manage the status of group-wide risks and to minimize the impact on the Group’s business, with continuous monitoring by the Board of Directors.
Responding to Important Risks
In order to effectively conduct risk management, we predict various risks that may involve the Casio Group, and conduct global risk surveys to identify the frequency and impact of risks occurring and assess if appropriate measures are taken. In particular, Casio has identified risks including geopolitical risk and information security that affect the Group’s business as important risks, and it is implementing countermeasures.
1) Geopolitical Risk
In the course of engaging in business activities on a global basis, various risks are expected to arise due to the political and economic conditions in each region. Casio prepares appropriate measures to secure the supply chain and ensure the safety of employees after analyzing the level of impact when a risk arises in each aspect of business activities, including procurement, production, logistics, and sales.
2) Information Security
In addition to responding appropriately to the increasing number of information security incidents, Casio is continuously strengthening its information security management level, both in normal times (proactive measures) and in emergency situations (post-incident measures). We have established the Computer Security Incident Response Team (CSIRT) so that we can take rapid action in the case of an incident. While implementing technical measures within the Group backed mainly by the Information Technology & Engineering Department, we are working on defining rules and conducting education among employees.
Business Continuity Plan (BCP)
In order to respond to emergencies with the resources of the company organization, Casio has created a Crisis Management Manual for securing the safety of all employees, executives, and their families, and preserving corporate assets.
Casio is also working to strengthen its business continuity plan (BCP). In the event of a major disaster, Casio establishes a Business Continuity Task Force and conducts an emergency response based on the Business Continuity Manual to continue providing products and services to countries around the world. In doing so, we aim to live up to the trust of our business partners and customers by minimizing damage and quickly restoring business operations.
From the standpoint of corporate responsibility to society and local communities, we also consider contributing to disaster response and recovery efforts, as well as cooperating with national and local government disaster prevention and mitigation measures.
Information System Disaster Response Measures
Casio expanded its remote work system as a measure to control the spread of COVID-19. Meanwhile, it is more important than ever to build system infrastructure for supporting business continuity in natural disasters such as earthquakes, typhoons, and torrential rain. In addition, the stable operation of IT systems for business continuity is also becoming increasingly important with the digital transformation (DX) of business.
In this context, Casio employs a cloud environment and robust external data centers with quake-absorbing structures and in-house power generation as measures for ensuring business continuity. These measures ensure construction and operation of systems that can flexibly and quickly respond to business changes while ensuring the safety and availability of important servers.
Moreover, while ensuring information security, particularly in the communication environment (portal site for employees, e-mail, online meetings, etc.), the company uses external services for BCP measures.
Information Security
Casio strives to appropriately manage and handle all of its information assets, including information that it collects from customers and suppliers. Casio has articulated information protection rules along with its Information Security Rules and implements regular education for employees to continuously raise awareness of information security and ensure the implementation of safety measures. Additionally, Casio has established an organizational structure to ensure compliance with laws and regulations on privacy protection outside Japan, including the EU’s General Data Protection Regulation (GDPR), which covers the handling of personal information of European users. We are also strengthening measures to respond to the increase in cyber-attacks due to recent changes in international circumstances.
Education and Awareness Raising
Information security cannot rely only on technical measures; it is also important for everyone handling information to know the required safety procedures, and to incorporate them into their work habits. At Casio Computer Co., Ltd., all officers and employees receive regular information security training through e-learning. The employees eligible for this training have been expanded to include those at Group companies in and outside Japan. The training covers general information security, as well as protection of personal information and other compliance matters, based on changes in society and in the company's business environment. Information security is being improved by providing this training content in a timely manner. In addition, to raise daily awareness, we have issued an information security handbook summarizing basic matters in clear, concise content and conduct targeted attack email training to prepare for possible contingencies as part of our training and awareness-building efforts.
Initiatives to Prevent Information Leakage
As an initiative to prevent information leakage, Casio ensures, as an organizational measure, that all employees handling information understand and follow necessary safety procedures. Casio requires employees to apply for permission before taking information or information devices off company premises. We have also established internal rules regarding such matters as limitations on sending emails externally, as well as proper information disposal. Training is provided on these rules in an effort to raise awareness and strengthen measures to prevent information leakage.
As a technical safety measure, Casio is strengthening its ability to monitor unauthorized access to its websites and suspicious transmissions on its internal network, in order to upgrade its preparedness against the recently growing threat of targeted attack emails and other external attacks such as those from malware via phishing emails. Furthermore, accompanying the growth of remote work and the use of cloud services, Casio has deployed a multilayered defense system including the establishment and introduction of a Zero Trust Network that includes security measures for computers used by employees and the abolition of the use of password-protected compressed files, which can become a hotbed of malware infection.
As a measure to cope with the increasing use of the cloud environment, Casio has established guidelines and security checklists for cloud use and disclosed them internally to strengthen measures to ensure safe use of the cloud environment.
Information Security Certification and Initiatives
Casio has focused on establishing a system for prioritizing the protection of personal information, publicly disclosed its Privacy Policy on its website, and remains committed to the safe and appropriate handling of personal information. In December 2005, Casio Computer Co., Ltd. obtained Privacy Mark*1 certification and has maintained it since.
Casio’s Information Systems Department obtained information security management system (ISO 27001)*2 certification in November 2007. In February 2023, the certification was renewed, with the scope of certification expanded to include the entire Digital Division in response to the further advancement of digitalization.
JQA-IM0536
Scope of application/operations for ISO27001 certification
Digital Division, Casio Computer Co., Ltd.
Planning, development, maintenance and operation of internal information systems supporting the manufacture, sale and service operations for electronic devices at Casio Computer Co., Ltd. and each group company, and the development, maintenance and operation of network infrastructure for the Casio Group
*1 Privacy Mark: A program where the Japan Information Processing Development Corporation, a public-service foundation, evaluates the adequacy of corporate protective measures related to the handling of personal data. Companies that are found to have adequate protective measures in place are certified and permitted to display the Privacy Mark.
*2 A program whereby a company establishes a system for using, maintaining, and protecting information within the applicable scope (e.g., business, locations) based on international standards for information security management systems, and a certification body conducts audits of the system and issues certifications.
Stable Supply of Products
Approach to Stable Product Supply
Delivering a stable supply of products is one of the most important responsibilities of a manufacturer, and is required to ensure customer satisfaction and loyalty.
Casio aims to optimize the innovation process by leveraging its robust platforms for purchasing and manufacturing technologies. This allows Casio to consistently provide the market with high-quality products at reasonable prices while raising customer satisfaction.
Supply Network Is Highly Responsive to Changes in Demand
The demand/procurement environment is changing drastically this fiscal year due to the impact of COVID-19 and the changing situation in China and Russia. Casio aims to optimize production, sales and inventory, without sticking to previous divisions of rules and systems. Examples of specific activities include early achievement of supply chain reforms and engineering reforms aimed at the post-COVID period.
- Supply chain reform (Optimize production, sales and inventory with the minimum amount of resources and staff)
  - Promote automation of operations (reduce steady-state operations)
  - Introduce production linked to real demand (PSI linked, inventory reductions)
  - Optimize/introduce IT for functions of production and management sites (procurement, manufacturing, logistics)
- Engineering reforms (Raise product value and achieve competitive advantages in QCD)
  - Make costs and processes for product planning/development through manufacturing visible and seamless
  - Strengthen PLM (raise profitability after commercialization)
  - Achieve zero-defect, ultra-low-cost design and manufacture
- Sustainable supply of products
Casio seeks to increase the value of its products by actively adopting components and materials intended to contribute to a sustainable society, such as solar-powered components, renewable materials, and biomass plastics.
Diversifying Production Risk and Producing Core Components In-house
Casio maintains a stable supply of products by having each production site manufacture multiple product items, and by ensuring that two different sites can produce any given Casio product.
The company is also increasing the internal production of components in order to protect newly created technologies and to reduce parts procurement risk.
Production sites for individual products