G :Governance
Risk Management
Risk Management
Risk Management System
Information Security Initiatives
Review of FY 2023 Activities
Future Challenges and Countermeasures
Risk Management System
A Risk Management Committee chaired by the Head of Corporate Administration Division has been established to strengthen the defense system in response to the various risks facing the company, and risks that can have a significant impact on management are managed throughout the organization, and appropriately evaluated and responded to. Furthermore, in response to the specific individual risk involving compliance, safety, disasters, information security, and export management, we have established committees and councils including the Corporate Compliance Committee, Central Safety and Health Committee, Central Disaster Prevention Council, CSR Council, Environment Council, Information Security Council, Personal Information Protection Management Committee, and Export Control Committee. We have prepared and developed regulations, guidelines, and manuals for implementing risk management, and we also conduct education and training activities.
The activities of the Risk Management, Corporate Compliance, Export Control, and Personal Information Protection committees are periodically reported to the Board of Directors.
Other committees’ activities are reported at management meetings as appropriate, and matters are reported to the Board of Directors if doing so is deemed necessary.
The activities of the Risk Management, Corporate Compliance, Export Control, and Personal Information Protection committees are periodically reported to the Board of Directors.
Other committees’ activities are reported at management meetings as appropriate, and matters are reported to the Board of Directors if doing so is deemed necessary.
Risk Management Structure
The following meetings* were held in FY 2023:
* Includes ad hoc committee meetings
| Risk Management Committee | Met 8 times |
|---|---|
| Personal Information Protection Management Committee | Met 3 times |
| Export Control Committee | Met twice |
| Information Security Committee | Met twice |
In addition to regular committee meetings held twice a year, the Risk Management Committee and other committees may hold extraordinary committee meetings based on the criteria set forth in the committee rules.
In FY2023, the Risk Management Committee and the Personal Information Protection Committee held extraordinary committee meetings, and the results of the meetings are shown in the table above.
Going forward, we will not neglect our daily activities, and we will implement the PDCA cycle by identifying possible risks, considering countermeasures, notifying the parties involved, and conducting verification.
In FY2023, the Risk Management Committee and the Personal Information Protection Committee held extraordinary committee meetings, and the results of the meetings are shown in the table above.
Going forward, we will not neglect our daily activities, and we will implement the PDCA cycle by identifying possible risks, considering countermeasures, notifying the parties involved, and conducting verification.
Information Security Initiatives
Yokohama Rubber Group Basic Policy on Information Security
【Purpose】
Yokohama Rubber Co., Ltd. and each of its group companies (hereinafter collectively referred to as “our group”) recognize the importance of managing and utilizing information systems and information assets, and we will take appropriate measures for all information systems and information assets based on the following basic policy, in order to contribute to maintaining business activities by ensuring information security levels, and to prevent information security incidents and incidents, which we consider to be our social responsibility.
【Basic Policy on Information Security】
- Protection and appropriate management of information assets
Our group will establish appropriate management requirements and protect and manage information assets based on their level of importance. - Compliance with laws and internal regulations
Our group will take responsibility for information security and strictly adhere to information management by complying with laws and regulations. - Implementation of ongoing education and training
Our group's employees will endeavor to acquire information security knowledge through ongoing education and training. - Response to information security incidents and accidents
In the event of an information security incident or accident, the Group will formulate an incident response plan to ensure a swift response and business continuity, and will implement measures to minimize damage and prevent recurrence. - Formulation and continuous improvement of information security management rules
The Group will conduct regular information security audits to promote the establishment and improvement of information security.
Yokohama Rubber and the Yokohama Rubber Group promote various information security measures based on our Information Security Basic Policy to protect our customers' personal information and other confidential information from cyber attacks and other information leak risks that are becoming more sophisticated and complex every day.
As for information security rules and regulations, we have established information security management rules and procedures, which are periodically reviewed in response to changes in the environment surrounding information security.
As part of the Yokohama Rubber Group's overall efforts, information management managers have been assigned to each organization and Group company, and an information security communication network has been established.
We consolidate and provide information at the "Information Security Liaison Desk" including issues from stakeholders.
We are working to strengthen relationships so that we can respond promptly in the event of an information security incident.
There were no major information security incidents (information security incidents proven to be violations of information security-related codes of conduct, corporate policies, or laws) in fiscal 2023.
Targeted attack e-mail training and e-learning are regularly conducted for employees.
Our information security management system is certified by TISAX (Trusted Information Security Assessment Exchange), an information security assessment developed by the German Association of the Automotive Industry, in 2022.
For Group companies, we regularly hold hearings on information security, conduct security education, share information on a daily basis, and alert employees, and we are working to foster information security literacy throughout the Group by encouraging them to raise their awareness.
As for information security rules and regulations, we have established information security management rules and procedures, which are periodically reviewed in response to changes in the environment surrounding information security.
As part of the Yokohama Rubber Group's overall efforts, information management managers have been assigned to each organization and Group company, and an information security communication network has been established.
We consolidate and provide information at the "Information Security Liaison Desk" including issues from stakeholders.
We are working to strengthen relationships so that we can respond promptly in the event of an information security incident.
There were no major information security incidents (information security incidents proven to be violations of information security-related codes of conduct, corporate policies, or laws) in fiscal 2023.
Targeted attack e-mail training and e-learning are regularly conducted for employees.
Our information security management system is certified by TISAX (Trusted Information Security Assessment Exchange), an information security assessment developed by the German Association of the Automotive Industry, in 2022.
For Group companies, we regularly hold hearings on information security, conduct security education, share information on a daily basis, and alert employees, and we are working to foster information security literacy throughout the Group by encouraging them to raise their awareness.
Review of FY 2023 Activities
Verifying employee safety
In fiscal year 2009, we implemented a safety confirmation system encompassing our domestic production subsidiaries and have been conducting regular training exercises ever since. These exercises are conducted at each location on a regular basis and, since 2021, have included a nationwide safety confirmation drill every March. By increasing the frequency of these drills, we aim to enhance our initial response capabilities in the event of a disaster and foster a stronger sense of disaster preparedness among our employees. In the event of a large-scale disaster, we have established a central disaster response headquarters at the corporate level, along with mechanisms for information gathering and sharing. We have also implemented a multi-channel communication system and a virtual meeting room with a permanent information-sharing platform, ensuring swift communication even in situations where physical gathering is challenging.
Being prepared for a disaster (database activation)
Since 2017, we have stipulated in our "Disaster Prevention Guidelines" the stockpiles that should be deployed at each site, including quantities.
Based on the guidelines, the database manages and confirms that stockpiles have been secured for the required number of days, and any shortages, including replacement of expired stockpiles, are replenished.
In addition, we have confirmed the content, frequency, and number of participants in disaster drills to be prepared to respond quickly in the event of a disaster.
Based on the guidelines, the database manages and confirms that stockpiles have been secured for the required number of days, and any shortages, including replacement of expired stockpiles, are replenished.
In addition, we have confirmed the content, frequency, and number of participants in disaster drills to be prepared to respond quickly in the event of a disaster.
Stockpiling for disasters
Stockpiling for disasters
Fire Prevention, Disaster Prevention and BCP Initiatives
In fire prevention activities, we revised in April 2024 our company-wide guideline "Fire Prevention Guideline" with the aim of preventing fires from occurring and preventing the spread of fire in the event of an accident.
Following this guideline, we successfully completed the initiative to replace aging electrical components at our domestic production facilities over a two-year period, starting in 2022.
This has enabled us to check the fire prevention organization system and firefighting equipment, identify fire risks and issues in factories, warehouses, and offices, and establish a system to prevent recurrence.
Beyond fiscal year 2024, we will continue to strengthen the Yokohama Rubber Group's fire safety system by implementing a continuous cycle of planning, doing, checking, and acting (PDCA) to focus on fire prevention and recurrence prevention activities.
In disaster prevention activities, we revised the "Disaster Prevention Guidelines" in November 2023 to clarify our preparedness for increasingly severe natural disasters and infectious diseases occurring in wide areas.
The purpose of these guidelines is to maintain the company's activities on the basis of putting human life first, and to enhance Yokohama Rubber's disaster preparedness by clarifying the actions employees should take in the event of a disaster, the company's disaster prevention system, and the enhancement and management of disaster supplies.
We conduct regular disaster preparedness drills, ensuring that we are prepared to respond effectively to emergencies by regularly reviewing the content, frequency, and participation levels of these drills.
Following this guideline, we successfully completed the initiative to replace aging electrical components at our domestic production facilities over a two-year period, starting in 2022.
This has enabled us to check the fire prevention organization system and firefighting equipment, identify fire risks and issues in factories, warehouses, and offices, and establish a system to prevent recurrence.
Beyond fiscal year 2024, we will continue to strengthen the Yokohama Rubber Group's fire safety system by implementing a continuous cycle of planning, doing, checking, and acting (PDCA) to focus on fire prevention and recurrence prevention activities.
In disaster prevention activities, we revised the "Disaster Prevention Guidelines" in November 2023 to clarify our preparedness for increasingly severe natural disasters and infectious diseases occurring in wide areas.
The purpose of these guidelines is to maintain the company's activities on the basis of putting human life first, and to enhance Yokohama Rubber's disaster preparedness by clarifying the actions employees should take in the event of a disaster, the company's disaster prevention system, and the enhancement and management of disaster supplies.
We conduct regular disaster preparedness drills, ensuring that we are prepared to respond effectively to emergencies by regularly reviewing the content, frequency, and participation levels of these drills.
Fire prevention audit
BCP Initiatives
For our Business Continuity Plan (BCP), we have prepared "Basic BCP Guidelines" and other guidelines for various destructive and non-destructive disasters, including infectious diseases, and revise them as necessary.
In 2023, we conducted a large-scale Business Continuity Planning (BCP) drill for the first time following the relocation of our headquarters to Hiratsuka. We remain committed to strengthening our BCP initiatives, ensuring the safety of our employees and the continued provision of products and services in the event of a disaster.
In 2023, we conducted a large-scale Business Continuity Planning (BCP) drill for the first time following the relocation of our headquarters to Hiratsuka. We remain committed to strengthening our BCP initiatives, ensuring the safety of our employees and the continued provision of products and services in the event of a disaster.
Business Continuity Planning (BCP) Drills (Headquarters and Hiratsuka Plant)
Future Challenges and Countermeasures
The business environment is becoming increasingly challenging due to global instability, the intensification and frequency of natural disasters caused by climate change, and the sophistication and complexity of cyberattacks. As such, further strengthening our risk management framework, along with fostering interdepartmental information sharing and communication, remain crucial priorities. We will continue to enhance our risk mitigation strategies through regular risk assessments and a continuous cycle of planning, doing, checking, and acting (PDCA) in each department. Furthermore, we will raise awareness among all employees by conducting Business Continuity Planning (BCP) drills and providing education and training on information security.
