Risk Management | CASIO

Govemance

Risk Management

│Basic Policy

At Casio, we are promoting risk management under the basic policy to predict risks, implement preventative measures to minimize potential losses, and, if losses are incurred, implement effective follow-up measures to ensure business continuity.
Moreover, we have established the Casio Group Code of Conduct for all officers and employees to act with high ethical values and good sense in addition to obey international norms, applicable laws in each country and region, as well as company rules.

│Internal Control Committee

The Internal Control Committee is established as an independent organization under the Board of Directors that will deliberate and make decisions on policies and tasks concerning internal control in general within the Casio Group in order to realize an effective, streamlined, and fail-proof risk management structure which carries out cross-sectional integration of compliance, information security, and other risk management functions.

Compliance and Risk Management Structure

│Risk Management Structure

Risks that pose a serious impact on management are managed following the structure below based on the Risk Management Rules through collaboration among relevant organizations under the supervision of the Internal Control Committee.

Basic Structure

We will continue to develop education, training, and procedural manuals that serve as the foundation of Companywide risk management to prevent losses and minimize the impact on Company operations in the event of an incident.

Response Implementation Structure

This will serve as a total structure that ensures stable business continuity by enabling effective initial response, including prompt status assessment and information communication, and appropriate decision-making in the event of an incident.

│Implementation of Global Risk Survey

In order to effectively conduct risk management, we predict various risks that may involve the Casio Group, and conduct global risk surveys to identify the frequency and impact of risks occurring and assess if appropriate measures are taken. Currently, we have identified three important risks—competition law, privacy law, and cybersecurity—and are implementing the following measures.

Competition Law

We have established the Antitrust Compliance Program to be shared and promoted at all global locations and are conducting employee education. We are also endeavoring to further entrench this program by carrying out audits on antitrust compliance, reviewing responses to problems identified by audits, and implementing measures.
In Japan, the Act against Unjustifiable Premiums and Misleading Representations Compliance Committee was established by relevant departments, and awareness promotion activities, including development of self-management regulations and education, are being implemented. Moreover, we are striving to provide guidance through the responsible staff office, share customer opinions and feedback, and share case studies from self-audits and improvements implemented in relevant departments. Going forward, we will conduct regular audits based on the implementation status of education, and further enforce this program.

Privacy Law

As laws and regulations concerning personal information become more stringent globally, in order to promote business using data worldwide, we must adhere to the privacy laws of each country. To this end, in March 2021, we established the Office for Personal Data Protection outside Japan, a dedicated office for addressing global privacy laws. The office tracks legal trends of each country, ensures the appropriate handling of personal information—from acquiring to storage, usage, and disposal—and conducts employee education and regular audits.

Cybersecurity

We have established the Computer Security Incident Response Team (CSIRT) so that we can take accurate response to information security incidents that are on the rise and take rapid action in the case of an incident. While implementing technical measures within the Group backed mainly by the Information Technology & Engineering Department, we are working on defining rules and conducting education among employees.

│Response to the COVID-19 Pandemic

The impact of the COVID-19 pandemic is long lasting. The economy has slowed, primarily affecting consumer spending and corporate production, and these extremely harsh conditions continue.
Casio launched a task force in late January 2020 tasked with ensuring the safety of customers, business partners, and employees and their families, and is making preventing the spread of the virus a top priority. Casio is also working with related divisions both within and outside the Company, and doing all it can to minimize the impact of the pandemic on its business.
Casio introduced remote work early on as a specific initiative to prevent the spread of infection among employees and has enlarged the scope of application to strengthen its existing efforts on work-style reform. Employees who have to be on site to do their jobs are asked to come in on a staggered schedule, commute in their own cars, and use online meetings to reduce opportunities for interaction. In addition, Casio is working with regional health authorities to promote the creation of vaccination opportunities for employees and other persons in an effort to protect customers, business partners, and local communities. Casio has donated nursing calculators and masks made by Yamagata Casio that use Casio’s own technology to support medical sites.

With these measures, Casio worked hard to sustain its business even in periods when the coronavirus outbreak was at its worst. The Company is committed to providing the products and services that customers need, as well as to fulfilling its social responsibility for the business continuity of its business partners.

Business Continuity Plan (BCP) Initiatives

In order to respond to emergencies with the resources of the company organization, Casio has created a Crisis Management Manual for securing the safety of all employees, executives, and their families, preserving corporate assets. Sequential updates of the manual keep pace with changes in the business environment, and the company is taking practical initiatives at the same time. Specifically, the following measures have already been undertaken:

  • Implementation of regular evacuation drills and general lifesaving classes for employees
  • Distribution of emergency assistance kits to employees and additional disaster stockpiling
  • Disaster prevention drill with the local community and provision of an open area for a temporary evacuation site

However, in the Great East Japan Earthquake, which struck in March 2011, circumstances were encountered that far exceeded previous expectations. Casio used the lessons learned to identify various points for improvement. These points were reflected in a largely revised Crisis Management Manual based on the premise of responding to a major earthquake with Tokyo at its epicenter. Casio also produced the Disaster Handbook for the families of its employees to deepen understanding of disaster countermeasures in the home and promote disaster readiness. Furthermore, Casio has adopted a safety confirmation system and is introducing it to Group companies to enable information on the safety of employees and their families to be promptly confirmed when a disaster occurs.

Together with the initiatives above, Casio is working to enhance its business continuity plan (BCP). In the event of an emergency that interrupts business operations, such as a major earthquake, the plan outlines measures for the rapid confirmation of executive and employee whereabouts and well-being, as well as damage conditions, and the quick recovery and maintenance of operations. In the event of a disaster, a business continuity headquarters is set up, and it implements emergency measures based on the business continuity manual. The aim is to minimize damage by continuing to provide products and services to customers worldwide. Through rapid restoration of business operation, the confidence of business partners and customers is maintained.
From the perspective of corporate responsibility to society and local communities, Casio is also considering contributing to disaster emergency measures and disaster recovery, and cooperating with national and local authorities in disaster prevention and disaster reduction measures.

│Information System Disaster Response Measures

Establishing comprehensive systems to support business activities has become increasingly important to ensuring business continuity. In addition to being prepared for natural disasters such as earthquakes and typhoons, Casio provides employees with a remote work environment so they can stay home during outbreaks of disease, such as the COVID-19 pandemic. Furthermore, the importance of IT systems to business continuity, in the context of digital transformation, is becoming even greater.

Casio employs a cloud environment and robust external data centers with quake-absorbing structures and in-house power generation as measures for ensuring business continuity. These measures ensure construction and operation of systems that can flexibly and quickly respond to business changes while ensuring the safety and availability of important servers.

Moreover, while ensuring information security, particularly in the communication environment (portal site for employees, e-mail, online meetings, etc.), the company uses external services for BCP measures.

As a result of these responses, Casio has been able to make a smooth transition to remote work and to support business continuity on the systems side, adapting even to the state of emergency declared by the Japanese government due to the coronavirus.

Information Security

Casio strives to appropriately manage and handle all of its information assets, including information that it collects from customers and suppliers. Casio has articulated information protection rules along with its Information Security Rules and implements regular education for employees to continuously raise awareness of information security and ensure the implementation of safety measures. Additionally, Casio has established an organizational structure to ensure compliance with laws and regulations on privacy protection outside Japan, including the EU’s General Data Protection Regulation (GDPR), which covers the handling of personal information of European users.

│Education and Awareness Raising

Information security cannot rely only on technical measures; it is also important for everyone handling information to know the required safety procedures, and to incorporate them into their work habits. At Casio Computer Co., Ltd., all officers and employees receive regular information security training through e-learning. The employees eligible for this training have been expanded to include those at Group companies in Japan, and this fiscal year we are also working to provide training to Group companies outside Japan.

The training covers general information security, as well as protection of personal information and other compliance matters, based on changes in society and in the company's business environment. Information security is being improved by providing this training content in a timely manner. In addition, an information security handbook summarizing basic matters in clear, concise content has been issued to raise awareness on daily basis. The handbook is used for training and awareness building.

│Initiatives to Prevent Information Leakage

As an initiative to prevent information leakage, Casio ensures, as an organizational measure, that all employees handling information understand and follow necessary safety procedures. Casio requires employees to apply for permission before taking information or information devices off company premises. We have also established internal rules regarding such matters as limitations on sending emails externally, as well as proper information disposal. Training is provided on these rules in an effort to raise awareness and strengthen measures to prevent information leakage.
As a technical safety measure, Casio is strengthening its ability to monitor unauthorized access to its websites and suspicious transmissions on its internal network, in order to upgrade its preparedness against the recently growing threat of targeted attack emails and other external attacks such as those from malware via phishing emails.

Accompanying the growth of remote work, Casio has further strengthened security measures at end points, such as the computers used by employees, and has deployed a multilayered defense system. 

│Information Security Certification and Initiatives

As an initiative to prevent information leakage, Casio ensures, as an organizational measure, that all employees handling information understand and follow necessary safety procedures. Casio has established internal rules regarding such matters as limitations on taking information or information devices off company premises and on sending emails externally, as well as proper information disposal. Training is provided on these rules in an effort to raise awareness and strengthen measures to prevent information leakage.

As a technical safety measure, Casio is strengthening its ability to monitor unauthorized access to its websites and suspicious transmissions on its internal network, in order to upgrade its preparedness against the recently growing threat of targeted attacks and other external attacks such as those from malware.
Internal measures include the installation of security software and patches on company PCs, and a multi-layered defense has been created.

JQA-IM0536

│Scope of application/operations for ISO27001 certification:

Information Technology & Engineering Department, Digital Division, Casio Computer Co., Ltd.
Planning, development, maintenance and operation of internal information systems supporting the manufacture, sale and service operations for electronic devices at Casio Computer Co., Ltd. and each group company, and the development, maintenance and operation of network infrastructure for the Casio Group

*1Privacy Mark: A program where the Japan Information Processing Development Corporation, a public-service foundation, evaluates the adequacy of corporate protective measures related to the handling of personal data. Companies that are found to have adequate protective measures in place are certified and permitted to display the Privacy Mark.
*2A program whereby a company establishes a system for using, maintaining, and protecting information within the applicable scope (e.g., business, locations) based on international standards for information security management systems, and a certification body conducts audits of the system and issues certifications.

Stable Supply of Products

│Approach to Stable Product Supply

Delivering a stable supply of products is one of the most important responsibilities of a manufacturer, and is required to ensure customer satisfaction and loyalty.

Casio aims to optimize the innovation process by leveraging its robust platforms for purchasing and manufacturing technologies. This allows Casio to consistently provide the market with high-quality products at reasonable prices while raising customer satisfaction.

│Supply Network Is Highly Responsive to Changes in Demand

Demand has changed dramatically due to the impact of the COVID-19 pandemic in fiscal 2021. Casio aims to optimize production, sales and inventory, without sticking to previous divisions of rules and systems. Examples of specific activities include early achievement of supply chain reforms and engineering reforms aimed at the post-COVID period.

  • Supply chain reform (Optimize production, sales and inventory with the minimum amount of resources and staff)
  • Promote automation of operations (reduce steady-state operations)
  • Introduce production linked to real demand (PSI linked, inventory reductions)
  • Optimize/introduce IT for functions of production and management sites (procurement, manufacturing, logistics)
  • Engineering reforms (Raise product value and achieve competitive advantages in QCD)
  • Make costs and processes for product planning/development through manufacturing visible and seamless
  • Strengthen PLM (raise profitability after commercialization)
  • Achieve zero-defect, ultra-low-cost design and manufacture 

│Diversifying Production Risk and Producing Core Components In-house

Casio maintains a stable supply of products by having each production site manufacture multiple product items, and by ensuring that two different sites can produce any given Casio product.

The company is also increasing the internal production of components in order to protect newly created technologies and to reduce parts procurement risk.

Production sites for individual products

G310e

Select a location