Casio pursues risk management under the basic policy of predicting risks, implementing preventative measures to minimize potential losses, and, if losses are incurred, taking effective follow-up measures to ensure business continuity. In addition, Casio has established the Casio Business Conduct Guidelines, which specifically outline important codes of conduct for executives and employees of the Casio Group in implementing the Casio corporate creed of “Creativity and Contribution” across the company’s businesses.
│Internal Control Committee
The Internal Control Committee carries out cross-sectional integration of functions related to internal control, including compliance, information security, and risk and crisis management, to realize an effective, streamlined, and fail-proof risk management structure. It also deliberates and makes decisions on policies and responses to issues concerning internal control in general within the Casio Group.
In June 2022, the Internal Control Committee was transitioned from an independent organization to the business execution side of Casio’s corporate structure in order to further promote appropriate, sound, and efficient business operations, which is the purpose of internal control. In cooperation with the Management Meeting, the Internal Control Committee visualizes and checks business operations from the viewpoint of appropriateness, soundness, and efficiency, thereby ensuring the system for addressing various risks is reliable.
│Risk Management Structure
Risks that pose a serious impact on management are managed following the structure below based on the Risk Management Rules through collaboration among relevant organizations under the supervision of the Internal Control Committee.
We will continue to develop education, training, and procedural manuals that serve as the foundation of Companywide risk management to prevent losses and minimize the impact on Company operations in the event of an incident.
Response Implementation Structure
This will serve as a total structure that ensures stable business continuity by enabling effective initial response, including prompt status assessment and information communication, and appropriate decision-making in the event of an incident.
│Implementation of Global Risk Survey
In order to effectively conduct risk management, we predict various risks that may involve the Casio Group, and conduct global risk surveys to identify the frequency and impact of risks occurring and assess if appropriate measures are taken. Currently, we have identified three important risks—competition law, privacy law, and cybersecurity—and are implementing the following measures.
We have established the Antitrust Compliance Program and distributed the Compliance Manual to all global sites and are conducting employee education. We are also endeavoring to further entrench this program by carrying out audits on antitrust compliance, reviewing responses to problems identified by audits, and implementing measures.
In Japan, the Act against Unjustifiable Premiums and Misleading Representations Compliance Committee was established by relevant departments, and awareness promotion activities, including development of self-management regulations and education, are being implemented. Moreover, we are striving to provide guidance through the responsible staff office, share customer opinions and feedback, and share case studies from self-audits and improvements implemented in relevant departments. Going forward, we will conduct regular audits based on the implementation status of education, and further enforce this program.
As laws and regulations concerning personal information become more stringent globally, in order to promote business using data worldwide, we must adhere to the privacy laws of each country. To this end, in March 2021, we established the Office for Personal Data Protection outside Japan, a dedicated office for addressing global privacy laws. The office works to strengthen compliance structure by tracking legal trends of each country, ensuring the appropriate handling of personal information—from acquiring to storage, usage, and disposal—and conducting employee education and regular audits.
In addition to responding appropriately to the increasing number of information security incidents, Casio is continuously strengthening its information security management level, both in normal times (proactive measures) and in emergency situations (post-incident measures). We have established the Computer Security Incident Response Team (CSIRT) so that we can take rapid action in the case of an incident. While implementing technical measures within the Group backed mainly by the Information Technology & Engineering Department, we are working on defining rules and conducting education among employees.
│Response to the COVID-19 Pandemic
The impact of the COVID-19 pandemic is long lasting. The economy has slowed, primarily affecting consumer spending and corporate production, and these extremely harsh conditions continue.
Casio launched a task force in late January 2020 tasked with ensuring the safety of customers, business partners, and employees and their families, and is making preventing the spread of the virus a top priority. Casio is also working with related divisions both within and outside the Company, and doing all it can to minimize the impact of the pandemic on its business.
Casio introduced remote work early on as a specific initiative to prevent the spread of infection among employees. Employees who have to be on site to do their jobs are asked to come in on a staggered schedule, commute in their own cars, and use online meetings to reduce opportunities for interaction. In addition, Casio is working with regional health authorities to promote the creation of vaccination opportunities for employees and other persons in an effort to protect customers, business partners, and local communities.
Business Continuity Plan (BCP) Initiatives
In order to respond to emergencies with the resources of the company organization, Casio has created a Crisis Management Manual for securing the safety of all employees, executives, and their families, and preserving corporate assets.
Casio is also working to strengthen its business continuity plan (BCP). In the event of a major disaster, Casio establishes a Business Continuity Task Force and conducts an emergency response based on the Business Continuity Manual to continue providing products and services to countries around the world. In doing so, we aim to live up to the trust of our business partners and customers by minimizing damage and quickly restoring business operations.
From the standpoint of corporate responsibility to society and local communities, we also consider contributing to disaster response and recovery efforts, as well as cooperating with national and local government disaster prevention and mitigation measures.
│Information System Disaster Response Measures
Establishing comprehensive systems to support business activities has become increasingly important to ensuring business continuity. In addition to being prepared for natural disasters such as earthquakes and typhoons, Casio provides employees with a remote work environment so they can stay home during outbreaks of disease, such as the COVID-19 pandemic. Furthermore, the importance of IT systems to business continuity, in the context of digital transformation, is becoming even greater.
Casio employs a cloud environment and robust external data centers with quake-absorbing structures and in-house power generation as measures for ensuring business continuity. These measures ensure construction and operation of systems that can flexibly and quickly respond to business changes while ensuring the safety and availability of important servers.
Moreover, while ensuring information security, particularly in the communication environment (portal site for employees, e-mail, online meetings, etc.), the company uses external services for BCP measures.
Casio strives to appropriately manage and handle all of its information assets, including information that it collects from customers and suppliers. Casio has articulated information protection rules along with its Information Security Rules and implements regular education for employees to continuously raise awareness of information security and ensure the implementation of safety measures. Additionally, Casio has established an organizational structure to ensure compliance with laws and regulations on privacy protection outside Japan, including the EU’s General Data Protection Regulation (GDPR), which covers the handling of personal information of European users. We are also strengthening measures to respond to the increase in cyber-attacks due to recent changes in international circumstances.
│Education and Awareness Raising
Information security cannot rely only on technical measures; it is also important for everyone handling information to know the required safety procedures, and to incorporate them into their work habits. At Casio Computer Co., Ltd., all officers and employees receive regular information security training through e-learning. The employees eligible for this training have been expanded to include those at Group companies in and outside Japan. The training covers general information security, as well as protection of personal information and other compliance matters, based on changes in society and in the company's business environment. Information security is being improved by providing this training content in a timely manner. In addition, to raise daily awareness, we have issued an information security handbook summarizing basic matters in clear, concise content and conduct targeted attack email training to prepare for possible contingencies as part of our training and awareness-building efforts.
│Initiatives to Prevent Information Leakage
As an initiative to prevent information leakage, Casio ensures, as an organizational measure, that all employees handling information understand and follow necessary safety procedures. Casio requires employees to apply for permission before taking information or information devices off company premises. We have also established internal rules regarding such matters as limitations on sending emails externally, as well as proper information disposal. Training is provided on these rules in an effort to raise awareness and strengthen measures to prevent information leakage.
As a technical safety measure, Casio is strengthening its ability to monitor unauthorized access to its websites and suspicious transmissions on its internal network, in order to upgrade its preparedness against the recently growing threat of targeted attack emails and other external attacks such as those from malware via phishing emails. Furthermore, accompanying the growth of remote work and the use of cloud services, Casio has deployed a multilayered defense system including the establishment and introduction of a Zero Trust Network that includes security measures for computers used by employees and the abolition of the use of password-protected compressed files, which can become a hotbed of malware infection.
As a measure to cope with the increasing use of the cloud environment, Casio has established guidelines and security checklists for cloud use and disclosed them internally to strengthen measures to ensure safe use of the cloud environment.
│Information Security Certification and Initiatives
Casio’s Information Systems Department obtained information security management system (ISO 27001)*2 certification in November 2007. The aim of applying for certification was to evaluate fulfillment of responsibility by the department, which takes care of information assets for the entire company. The department uses the PDCA cycle to make continual improvements, and it will continue to renew certifications as it aims to expand the applicable scope of activities while reviewing targets in line with further progress in digitalization.
│Scope of application/operations for ISO27001 certification:
Information Technology & Engineering Department, Digital Division, Casio Computer Co., Ltd.
Planning, development, maintenance and operation of internal information systems supporting the manufacture, sale and service operations for electronic devices at Casio Computer Co., Ltd. and each group company, and the development, maintenance and operation of network infrastructure for the Casio Group
*1 Privacy Mark: A program where the Japan Information Processing Development Corporation, a public-service foundation, evaluates the adequacy of corporate protective measures related to the handling of personal data. Companies that are found to have adequate protective measures in place are certified and permitted to display the Privacy Mark.
*2 A program whereby a company establishes a system for using, maintaining, and protecting information within the applicable scope (e.g., business, locations) based on international standards for information security management systems, and a certification body conducts audits of the system and issues certifications.
Stable Supply of Products
│Approach to Stable Product Supply
Delivering a stable supply of products is one of the most important responsibilities of a manufacturer, and is required to ensure customer satisfaction and loyalty.
Casio aims to optimize the innovation process by leveraging its robust platforms for purchasing and manufacturing technologies. This allows Casio to consistently provide the market with high-quality products at reasonable prices while raising customer satisfaction.
│Supply Network Is Highly Responsive to Changes in Demand
The demand/procurement environment is changing drastically this fiscal year due to the impact of COVID-19 and the changing situation in China and Russia. Casio aims to optimize production, sales and inventory, without sticking to previous divisions of rules and systems. Examples of specific activities include early achievement of supply chain reforms and engineering reforms aimed at the post-COVID period.
- Supply chain reform (Optimize production, sales and inventory with the minimum amount of resources and staff)
  - Promote automation of operations (reduce steady-state operations)
  - Introduce production linked to real demand (PSI linked, inventory reductions)
  - Optimize/introduce IT for functions of production and management sites (procurement, manufacturing, logistics)
- Engineering reforms (Raise product value and achieve competitive advantages in QCD)
  - Make costs and processes for product planning/development through manufacturing visible and seamless
  - Strengthen PLM (raise profitability after commercialization)
  - Achieve zero-defect, ultra-low-cost design and manufacture
- Sustainable supply of products
Casio seeks to increase the value of its products by actively adopting components and materials intended to contribute to a sustainable society, such as solar-powered components, renewable materials, and biomass plastics.
│Diversifying Production Risk and Producing Core Components In-house
Casio maintains a stable supply of products by having each production site manufacture multiple product items, and by ensuring that two different sites can produce any given Casio product.
The company is also increasing the internal production of components in order to protect newly created technologies and to reduce parts procurement risk.
Production sites for individual products