Risk Management

Under the supervision of the Risk Management Committee, we extract, analyze, and rate risks, then consider and implement countermeasures for high-importance risks. We also apply the Plan-Do-Check-Act (PDCA) cycle to this process to promote risk management.

Basic Policy on Risk Management

Kureha manages risk based on the following basic policy.

Understand the risks to our management on a company-wide scale and prevent them from occurring, and take necessary preventive measures to reduce the impact of risks that occur to an acceptable range.

Risk Management System

Risks associated with business activities are classified, and the CSR Committee, the Information Management Committee, the Compliance Committee, and related departments each serve as the supervising department for the risks in their classification. They promote risk management in cooperation with the departments actually involved with individual risks, all under the supervision of the Risk Management Committee.

Risk Management Implementation

Kureha manages risk through the following process:

  1. Identify risks
    The supervising department identifies individual risks (in detail) according to type, analyzes their level of importance, and rates them by priority of response.
  2. Analyze and rate risks
    The Risk Management Committee reviews the results of individual risk analyses and ratings, and gives any necessary instructions to the supervising department.
  3. Monitor the response to risks
    The supervising department monitors how the responsible department responds to individual risks judged to be high-priority and gives further instructions accordingly.
  4. Report and verify monitoring results
    The supervising department reports their monitoring results to the Risk Management Committee, which then verifies the results and gives further instructions back to the supervising department accordingly.

The Risk Management Committee then reports the fulfillment status of this process to the Executive Committee and Board of Directors. Information on the response to major high-priority risks is disclosed in a timely and appropriate manner.

Business Continuity Plan

In May 2014, we developed and strengthened countermeasures to large-scale disasters such as earthquakes and formulated a Business Continuity Plan (BCP). In fiscal 2019, we started updating our BCP to include countermeasures to storm and flood damage, which have been increasingly severe in recent years. Updates include anticipating the dangers of large-scale flooding from rivers in and around Tokyo affecting our head office, and ensuring the safety of employees and durability of factory facilities against intensifying storms and typhoons. We will continue to enhance our BCP by predicting and analyzing ever-changing disaster scenarios.
Recently, due to the global pandemic, we have set up response centers and teams at all sites (head office, factories, domestic and overseas group companies), which work in tandem by sharing policies and information on the status of each region and site, and discussing countermeasures to various issues to ensure the safety of our employees against infection from COVID-19.

Fire and Disaster Prevention Training at the Head Office

Overseas Crisis Management System

Kureha and Group Companies have formulated a manual for expatriates and business travelers to use in crises to ensure employee safety and minimize damage in the event of an emergency overseas. We are also providing a medical assistance service run by a crisis management company for our employees while they are overseas.
We also support our overseas employees by providing crisis management information, timely alerts, instructions on travel restrictions, etc.

Information Security

Information Security Policies

Basic Policy

Establishing safe and reliable controls for the appropriate sharing and use of all business-related information is one of our most important management issues. Our basic policy on information security is as follows:

  1. We will maintain the availability, integrity, and confidentiality of our information assets and promote appropriate information security management activities.
  2. We will oversee and direct continual efforts to improve the information security of the entire Kureha Group. We will also continue to provide education so that every Group employee can recognize the importance of information security and put it into practice.
  3. Kureha and Kureha Group Companies will carry out risk assessments on their respective information assets and take appropriate risk management measures.
  4. Kureha and Kureha Group Companies will strictly adhere to relevant laws and regulations.

Policy on Global Information Security

In fiscal 2018, we formulated a global information security policy to strengthen information security for the entire group, and we work to make sure both operational rules and the regulations of each Group company comply with this Policy.

Information Security System

Under the supervision of the Information Management Committee, which is under direct control of the President, we have established an Information Security Committee and, based on JIS Q 27001:2014, an Information Security Management System (ISMS) to promote continual improvement of information security.
In addition, in fiscal 2019, we set up a Computer Security Incident Response Team (CSIRT) and a system to minimize information security incidents.

Information Security Measures

In accordance with our Basic Policy on Information Security, we collect a wide range of data related to information security and continually implement the following measures:

  1. Take countermeasures to cyberattacks
    Our system to detect and block external cyberattacks is kept in stable operation by a 24/7 year-round monitoring service provided by a cybersecurity vendor.
  2. Assess risk of information assets
    We are reducing risk by systematically assessing the security risks of our information assets and implementing countermeasures.
  3. Prevent information leaks
    We have a security vendor regularly carry out diagnostics to confirm that overall security remains at a high level.
  4. Educate and train about information security
    We continually provide information security education to all employees. We also conduct simulations of targeted threats so that employees learn what to do when they receive suspicious emails.
  5. Fight the spread of COVID-19 (using remote access tools for business continuity)
    During this pandemic, we are working to ensure that employees are aware of the information security risks of using remote access tools while working from home by establishing oaths and encouraging employees to adhere to them thoroughly.

Countermeasures to Information System Disasters

Our Enterprise System and electronic file systems operate in robust data centers in Japan. As a disaster countermeasure, we also have duplicated data stored in a cloud-based system. Furthermore, we have introduced a cloud-based system for internal emails so that emails can be sent within the company even in the event of a disaster.

Protection of Personal Information and Specific Personal Information

It is our social responsibility to protect all personal information provided to us. Therefore, we acquire and manage all personal information in accordance with our policies for the protection of personal information and specific personal information.