- Why SUMCO Addresses Risk Management
The Silicon wafer business is a critical industry that supports our IT-oriented society, and the SUMCO Group is responsible for the stable supply of silicon wafers to semiconductor device manufacturers around the world. For this reason, the SUMCO Group regards business continuity as a key management concern.
The Business Security Committee (BSC), which is an organization responsible for company-wide risk management, identifies, analyzes and assesses risks, implements countermeasures and promotes risk management activities including the formulation of business continuity plans (BCP), with the aim of predicting risks in advance, preventing them from being realized and minimizing damages when a risk is realized.
- Risk Management Basic Policy
SUMCO has set forth basic matters pertaining to risk management in the Basic Rules on Risk Management, under which we undertake risk management activities.
Our basic approach to responding to risks involves the following two points.
- Prioritize the handling of risks by likelihood of occurrence and severity of impact to ensure optimum allocation of management resources and maximize the effectiveness of measures.
- Minimize damage and loss by preventing the suspension or discontinuation of business activities to ensure business continuity in the event of an accident or other emergency situation.
SUMCO's Risk Management Framework
1. Risk Assumptions and Identifying Risk
SUMCO analyzes risks that could impact business continuity for SUMCO's departments, plants, offices, and SUMCO Group companies, identifies the level of impact for each risk, and assigns priority to each risk in accordance with the Basic Rules on Risk Management mentioned above. Risks which pose a major threat to business continuity are defined in the Basic Rules on Risk Management.
When taking on a new business as well, we use a same process to analyze business risk and assign priority.
Major Risks Recognized in the Basic Rules on Risk Management
- Risks Related to General Management
Examples: Contractual disputes, investment in new businesses
- Risks Related to Accidents and Disasters
Examples: Earthquakes, wind and flood damage, water and electric power service interruptions
- Risks Related to Discontinuation of Business
Examples: Fire, equipment accidents, production impediments, disruptions to raw material procurement
- Risks Related to Compliance
Examples: Antitrust violations, violations of laws related to corruption and anti-corruption, violations of employment and labor standards-related laws and ordinances, violations of environmental regulations
- Risks Related to Information
Examples: Leaking of trade secrets, network shutdowns
- Risks Related to Intellectual Property
Examples: Infringing upon intellectual property rights or suffering infringement
- Risks Related to Human Resources, Employment, and Human Rights
Examples: Labor issues, human rights violations, harassment, occurrence of scandals, crimes and other incidents
- Risks Related to Taxation and Accounting
Examples: Funding impediments, rapid exchange rate fluctuations
- Risks Related to Products and Services
Examples: Quality issues, complaints
- Risks Related to Safety and Health
Examples: Industrial accidents, spread of infectious disease
- Risks Related to the Environment
Examples: Pollution, environmental accidents
- Risks Related to Credit
Example: Bankruptcy of a customer
2. Determining Policy with regards to Risk Countermeasures and Reporting the Status of Such Countermeasures
Responsibility for each risk is allocated between departments according to the priority established in (1) above, and the policy on risk countermeasures is determined via discussion within a company-wide committee known as the BSC (Business Security Committee). The BSC meets every year, with not only the Chairman/CEO and other senior management in attendance, but also responsible members of each business department, factory, plant and group companies worldwide. It decides company-wide policy regarding risk management, deliberates and determines risk prevention measures, discusses responses on cross-department risks and new risk phenomenon and exchanges a broad range of information about risk management in general.
- BSC's Structure and Objectives
3. Response to Each Risk
Each business department, factory, plant, and SUMCO Group company responds to risk in accordance with the policy confirmed by the BSC, creates a business continuity plan (BCP; described later) and other necessary frameworks, and implements training and other regiments designed to improve response in emergency situations. In this way, we strive to prevent risks from manifesting, minimize damage and strengthen business continuity.
The status of risk countermeasures is reported to the BSC mentioned above each year and reviewed by the senior management.
Ensuring Business Continuity
Our Basic Rules on Risk Management define business continuity as an important management issue, and we have been working to develop and improve our BCP (business continuity plan) to ensure business continuity.
The details of the BCP, and its state of improvements, the results of trainings and drills, and other matters are reported on the BSC, and the BSC verifies the effectiveness of the BCP, and determines policies on future action to be taken. Each department and group company improves the BCP further according to the policies.
In fiscal year 2019, we conducted BCP drills to ensure process of Emergency Response Team establishment at Kyushu Factory, operation transfer from head office and initial responses on the assumption of a large-scale earthquake beneath Tokyo Metropolitan area which leads communication disruption.
In addition, we also conducted integrated emergency response drills at each plant. The drills included activities such as evacuation, firefighting, reporting, rescue, emergency relief and transportation, and continuous improvements are made by identifying issues and reviewing procedures and other details after conducting the drills.
Improvement in Emergency Response Capability
The SUMCO Group has established an initial-response manual to enable speedy response, ensure employee safety, protect company assets and restart business operations as soon as possible in the event of a large-scale earthquake or other disaster/accident. Additionally, we regularly conduct initial firefighting drills such as the handling of fire extinguishers and fire hydrants, drills on the handling of respirators and training on the employment of lifesaving measures such as CPR and AED usage, in order to reduce damage in the event of a disaster. We also conduct exercises such as carrying drills using cloth stretchers to simulate an evacuation by stairs to further enhance employees' ability to respond in an emergency.
Additionally, at our Kyushu Factory we periodically conduct joint response drills with suppliers that deliver chemicals to our sites so that all involved can take safe and smooth action in the event of a leakage of chemicals during delivery.
The Company clearly stipulate the appropriate use and management of information in the SUMCO Charter of Corporate Conduct. We have also established the Rules on Information Management along with related regulations, guidelines and other materials. Under this framework we make every effort to prevent leaks of trade secrets and customer information by conducting regular information management training for employees.
Additionally, SUMCO has established the Rules on Personal Information Management in accordance with the Act on the Protection of Personal Information to ensure that personal information is managed appropriately.
Safety Confirmation System
The SUMCO Group has introduced a "Safety Confirmation System" which enables quick conformation of the safety status of employees working in Japan. We think the system also helps speed up post-disaster recovery efforts.
Computer System-related Disaster Countermeasures
The Company has ensured redundancy for mission-critical and peripheral systems used on a company-wide basis, establishes equivalent backup servers and performs data synchronization in order to continue business operation even in the event that a server installation location is damaged by a large-scale disaster such as a major earthquake.
Preventing Information Leaks
SUMCO undertakes measures to prevent information leaks by addressing various computer system-related risks such as external attacks on our computer systems via the Internet, the unauthorized usage of our computer systems and the infection of computer viruses.
Katsuhito Asahi, Unit Leader
Nagasaki Safety and Disaster Prevention Section, General Affairs Department, SUMCO TECHXIV Corporation
Q. Please describe the status of implementation and the level of participation in the emergency response drills you conduct at the plant.
For integrated emergency response drills, we envisage a major earthquake measuring upper 6 on the intensity scale having occurred. With the disaster control headquarters comprised of key executives and managers including General Manager of Production and Technology Division operating as the center, we mainly confirm the actions taken in the initial response. In recent years we have focused the drills on confirming the safety of employees, searching for missing people, conducting rescue and relief activities, providing emergency medical care and selecting safe evacuation routes from the perspective of placing the highest priority on human life. In fiscal year 2018, more than 400 people in Nagasaki Plant took part in the drills, a figure which suggests a heightened interest in disaster prevention among employees. Once a year we also conduct late-night emergency response drills for shift workers, envisaging a scenario in which a major earthquake strikes at night. Each year when we conduct our emergency response drills, we ask the local Omura Fire Department to attend. In addition to reviewing the drills overall, the members of the fire department offer valuable insight and guidance from their perspective as professionals. Moving forward, we will continue to coordinate with the local community to steadily improve our disaster preparedness level through drills and decidedly achieve the goals of self-help, cooperation, and public assistance in times of disaster.