The Oji Group has identified Group-wide and business line risks within the execution of business by categorizing risks in all of the assets it owns, both tangible and intangible, in accordance with the Group Risk Management Regulations, as shown below. Responses to risks are implemented by the responsible management and support departments.
The Board of Directors supervises the enhancement and implementation of risk management. When a new risk occurs, the Board of Directors makes a decision after deliberations within the Group Management Meeting. The Director and the General Manager of the Corporate Governance Division is responsible for the risk management of the Oji Group. The Corporate Governance Division works to ensure the effectiveness of the risk management of the overall Group.
The Oji Group positions various information obtained during its business activities as important assets required for business continuity. To strengthen our response to the ever-evolving IT environment, we have established the Group Information System Usage and Risk Management Regulations, and we have developed the promotion management system for preventing leakage of confidential information, and for cyber attacks and disasters.
The Oji Business Center, as a department that oversees our information system risk management, regularly audits the compliance status across the Group and reports the results to the Group Management Meeting. In addition, to educate employees, we regularly perform educational activities in Company Newsletter and provide e-mail training utilizing external experts to deal with phishing e-mails that are becoming more sophisticated every day.
In terms of facilities, we are building a backup system for internal servers in external data centers as part of our BCP.
In FY2020, we strengthened cyber security measures as the network was re-constructed, and revised regulations to respond to the spread of teleworking in times of COVID-19. We will work to make sure that these measures will take hold and at the same time implement them at overseas group companies to further strengthen our efforts to improve information security.