● Risk Management Structure
In accordance with the SCREEN Group Code of Risk Management and other relevant in-house rules, SCREEN Holdings is engaged in initiatives aimed at identifying and mitigating business risk and, as the holding company, has in place a system for assessing the status of risk management for the entire Group.
Risk Management Structure
In order to mitigate risk that could negatively impact the SCREEN Group’s corporate value, we have established a companywide, cross-cutting risk management structure which includes the SCREEN Holdings President as Chief Officer while making the presidents of each SCREEN Group company responsible for managing risk at their own companies. Every organization within the Group identifies and categorizes potential risks into different categories, including Governance, Human Rights, Labor Practices, the Environment (including climate change), Fair Business Practices, Consumer Issues, and Community Engagement, and then evaluates the impact of each on our businesses to come up with measures which are implemented to address it. We will then develop and implement measures to mitigate these risks.
● Risk Management Structure
Further Enhancement of Risk Management Effectivenes
In the fiscal year ended March 31, 2021, to prevent and minimize damage to corporate value, the SCREEN Group established the Group Risk Management Committee to identify the risks inherent in the entire SCREEN Group and their status, and to determine the direction of risk management by identifying key risks in response to changes in the business environment each fiscal year, and to prevent them from materializing. We adopt a “ three lines of defense” approach (the first line of defense is the Group business operating companies; the second is the holding company administrative department and functional support companies; and the third is the internal audit department), and in line with this we designate individual risk managers and management roles and establish a governance structure for sharing risk-related information between the front line and senior management.
In addition, we propose to the Board of Directors those risks with large residual risks or risks that may increase due to changes in the business environment as key risks.
● Risk Management PDCA Cycle
Business Continuity Plans (BCP)
When it comes to catastrophic earthquakes, typhoons, flooding and other natural disasters, infectious disease pandemics, factory accidents, and other risks with the potential of interrupting business operations, the SCREEN Group’s first priority is ensuring the safety of its employees and their families, followed by ensuring the prompt resumption of business operations in order to meet our product and service supply obligations to our customers. Towards this end, we work to develop and implement effective BCP.
Preparation of Emergency System
We have put in place a safety confirmation system that uses mobile phones and smartphones to facilitate confirmation of the safety status of employees following a large-scale disaster and to facilitate a rapid response in line with the damage situation. Based on the email replies from employees, we can determine the magnitude of human casualties and direct disaster damage and then work to guarantee the safety of employees, which is most essential to business continuation.
Resilience of Parts Procurement
With regard to critical parts that have limited suppliers, we are taking a double-track approach by promoting substitution to generic alternatives or access to more than one supplier. At the same time, in order to maintain stable parts procurement, during the design stage we work to prevent the inclusion of parts that have limited suppliers.
Strengthening Manufacturing Base
For our operations sites in Japan we undertake a variety of measures, including seismic resistance evaluations, building reinforcement, dismantling of aging facilities, immobilization of equipment and facilities, and introduction of seismic-resistant machinery and equipment.
Based on lessons learned from large-scale disasters and supply chain interruptions, we endeavor to put in place production systems that complement production sites, as well as parts suppliers, in order to prevent significant damage to our business. At the Hikone Plant, which produces semiconductor manufacturing equipment, we have taken seismic-isolation measures in the factory and are in the process of constructing production systems that can handle high winds and flooding.
In addition, we have acquired ISO 22301 certification for business continuity management systems (BCMS), and we develop BCP based on these standards.
In response to the COVID-19 pandemic, as a “designated infectious disease,” the SCREEN Group has established a Group Emergency Headquarters within the SCREEN Holdings head office which is overseen by the SCREEN HD President, and we have established local emergency headquarters at operations sites in Japan and overseas, as well as established business recovery headquarters at our business operating companies. We are working to ensure business continuity by checking on the health of employees, promoting telework to mitigate workplace infection risks (by changing structures while enhancing and developing VPNs and other IT infrastructure), taking steps to introduce shifts and workplace partitioning in production departments, and providing online support to customers. As well, we are having the COVID-19 vaccine administered to Group employees and their families, dispatch workers, partner company employees, suppliers, and other related personnel.
Strengthening IT Security
Recently, frequent, sophisticated cyber attacks and other incidents have reinforced the fact that IT security risks represent a serious business challenge, and we are continually working on stronger measures to ensure IT security. We have put in place a worldwide Group IT security structure overseen by SCREEN Holdings’ Chief Officer of Business Strategy, who works in conjunction with the representatives of the different Group companies to create Group-wide rules and guidelines, as well as a medium- to long-term IT roadmap.
In response to the ever-changing nature of the IT security risk environment and cyber attacks , we have incorporated an EDR＊1 for detecting malware on computers and servers. To detect cyber attacks from both inside and outside, we are stepping up measures including establishing an SOC＊2. In addition, we regularly review related rules and guidelines and work to improve IT literacy among all executives, employees, temporary personnel and everyone else in the SCREEN Group through a variety of means, including annual IT security training that is updated with the latest information.
We established an internal Computer Security Incident Response Team, or CSIRT, so that we can respond to reports about incidents related to IT security, detect risks, and take steps to respond quickly. We also joined the Nippon CSIRT Association＊3 (NCA) so that we can conduct these activities more effectively.
We pursue measures that will enable us to conduct our business safely, securely and without interruption, for example by conducting year-round, round-the-clock monitoring of our in-house network infrastructure.
*1 EDR: Endpoint Detection and Response. A solution for quickly detecting and responding to suspicious behavior on computers and servers.
*2 SOC: Security Operation Center. A department dedicated to providing advice on detecting and classifying cyber attacks and coming up with responses.
*3 An association for the purpose of dealing with computer security incidents by collecting and providing predictive information that will help members handle and solve security problems.
IT Measures During the COVID-19 Pandemic (putting in place and managing a telework environment)
Thanks to a series of workstyle reforms we began pursuing before the COVID-19 pandemic, including building a cloud-based environment that enables the tools and communication necessary for telework, we were able to accommodate telework without significant confusion or productivity impacts. Additionally, we offered all employees IT security training with a special focus on precautions that need to be taken when working from home, and we were able to put in place a manageable telework environment.
We are also working from the standpoint of business continuity to improve operational mechanisms and procedures in order to enlarge the scope of operations that can be accomplished via telework.