Risk Management

Why SUMCO Addresses Risk Management

The Silicon wafer business is a critical industry that supports our IT-oriented society, and the SUMCO Group is responsible for the stable supply of silicon wafers to semiconductor device manufacturers around the world. For this reason, the SUMCO Group regards business continuity as a key management concern.
The Business Security Committee (BSC), which is an organization responsible for company-wide risk management, identifies, analyzes and assesses risks, implements countermeasures and promotes risk management activities including the formulation of business continuity plans (BCP), with the aim of predicting risks in advance, preventing them from being realized and minimizing damages when a risk is realized.

Risk Management Basic Policy

SUMCO has set forth basic matters pertaining to risk management in the Basic Rules on Risk Management, under which we undertake risk management activities.
Our basic approach to responding to risks involves the following two points.

  1. Prioritize the handling of risks by likelihood of occurrence and severity of impact from the viewpoints of ensuring optimum allocation of management resources and the effectiveness of risk management.
  2. Minimize damage and loss by preventing the suspension or discontinuation of business activities to ensure business continuity in the event of an accident or other emergency situation.

SUMCO's Risk Management Framework

1. Risk Assumptions and Identifying Risk

SUMCO analyzes risks that could impact business continuity for SUMCO's departments, plants, offices, and SUMCO Group companies, identifies the level of impact for each risk, and assigns priority to each risk in accordance with the Basic Rules on Risk Management mentioned above. Risks which pose a major threat to business continuity are defined in the Basic Rules on Risk Management.
When taking on a new business as well, we use a same process to analyze business risk and assign priority.

Major Risks Recognized in the Basic Rules on Risk Management

  1. Risks Related to General Management
    Examples: Contractual disputes, investment in new businesses, geopolitical risks
  2. Risks Related to Accidents and Disasters
    Examples: Earthquakes, wind and flood damage, water and electric power service interruptions
  3. Risks Related to Discontinuation of Business
    Examples: Fire, equipment accidents, production impediments, disruptions to raw material procurement, massive shortage of operators due to pandemics or other factors, mission-critical systems failure
  4. Risks Related to Compliance
    Examples: Antitrust violations, violations of laws related to corruption and anti-corruption, violations of employment and labor standards-related laws and ordinances, violations of environmental regulations
  5. Risks Related to Information
    Examples: Leaking of trade secrets, network shutdowns
  6. Risks Related to Intellectual Property
    Examples: Infringing upon intellectual property rights or suffering infringement
  7. Risks Related to Human Resources, Employment, and Human Rights
    Examples: Labor issues, human rights violations, harassment, occurrence of scandals, crimes and other incidents
  8. Risks Related to Taxation and Accounting
    Examples: Funding impediments, rapid exchange rate fluctuations
  9. Risks Related to Products and Services
    Examples: Quality issues, complaints
  10. Risks Related to Safety and Health
    Examples: Industrial accidents, employee’s health issues due to outbreak of infectious disease or other factors
  11. Risks Related to the Environment
    Examples: Pollution, environmental accidents
  12. Risks Related to Credit
    Example: Bankruptcy of a customer

2. Determining Policy with regards to Risk Countermeasures and Reporting the Status of Such Countermeasures

Responsibility for each risk is allocated between departments according to the priority established in (1) above, and the policy on risk countermeasures is determined via discussion within a company-wide committee known as the BSC (Business Security Committee). The BSC meets every year, with not only the Chairman & CEO and other senior management in attendance, but also responsible members of each department, factory, plant and group companies worldwide. It decides company-wide policy regarding risk management, deliberates and determines risk prevention measures, discusses responses on cross-department risks and new risk phenomenon and exchanges a broad range of information about risk management in general.

BSC's Structure and Objectives

BSC's Structure and Objectives

3. Response to Each Risk

Each department, factory, plant, and SUMCO Group company responds to risk in accordance with the policy confirmed by the BSC, creates a business continuity plan (BCP; described later) and other necessary frameworks, and implements training and other regimens designed to improve response in emergency situations. In this way, we strive to prevent risks from manifesting, minimize damage and strengthen business continuity. The status of risk countermeasures is reported to the BSC mentioned above each year and reviewed by the senior management.

Ensuring Business Continuity

Our Basic Rules on Risk Management define business continuity as an important management issue, and we have been working to develop and improve our BCP (business continuity plan) to ensure business continuity.
The details of the BCP, and its state of improvements, the results of trainings and drills, and other matters are reported on the BSC, and the BSC verifies the effectiveness of the BCP, and determines policies on future action to be taken. Each department and group company improves the BCP further according to the policies.
In 2022, we confirmed procedures to transfer head office operations elsewhere, the implementation status of drills and exercises carried out by each department and issues to be addressed in the future based on the assumption of a large-scale earthquake beneath the Tokyo metropolitan area which leads the disfunction of Tokyo Head Office. These efforts were part of activities to further enhance the BCP readiness of the head office.
We also conduct integrated emergency response drills at each plant, which include activities such as evacuation, firefighting, reporting, rescue, emergency relief and transportation in the event of a disaster such as an earthquake.  In addition to those drills above, we also conduct regular BCP training to confirm procedures and the contents of the BCP and enhance our response capabilities. Continuous improvements are made by reviewing the training results, identifying issues, and revising procedures and other contents after conducting the drills. Furthermore, at each site, we are implementing measures to minimize damage and ensure swift recovery in the event of a disaster such as an earthquake. This includes facility improvements such as installing earthquake-resistant measures seismic reinforcement and stockpiling necessary tools, materials and equipment to promptly resume production.

PhotoPhotoIntegrated Emergency Response Drill

PhotoPhotoIntegrated Emergency Response Drill

PhotoPhotoBCP training at Miyazaki Plant of SUMCO TECHXIV Corporation

Improvement in Emergency Response Capability

The SUMCO Group has established a manual to enable speedy response, ensure employee safety, protect company assets and restart business operations as soon as possible in the event of a large-scale earthquake or other disaster/accident. The manual sets out items concerning the preparation of stockpiles for disaster prevention, the initial response to be taken at each site after a disaster has struck, as well as the establishment and roles of an Emergency Response Team in the event of an emergency. Additionally, we regularly conduct initial firefighting drills such as the handling of fire extinguishers and fire hydrants, and training on the employment of lifesaving measures such as CPR and AED usage, in order to reduce damage in the event of a disaster. We also conduct exercises such as carrying drills using cloth stretchers to simulate an evacuation by stairs to further enhance employees' ability to respond in an emergency.
Additionally, at our Kyushu Factory we periodically conduct joint response drills with suppliers that deliver chemicals to our sites so that all involved can take safe and smooth action in the event of a leakage of chemicals during delivery.

PhotoPhotoFirst Aid Drill

PhotoPhotoLifesaving Training

Information Management

The Company understands the importance of information in business operations and clearly stipulates the appropriate use and management of our trade secrets and all other information including confidential information received from others in the SUMCO Charter of Corporate Conduct. We have also established the Rules on Information Management along with related regulations, guidelines and other materials. We make every effort to appropriately manage and prevent leaks of our trade secrets and confidential information received from customers, suppliers and other parties by conducting regular training for all employees on these information management rules and information security.
In an effort to prevent computer system-related leaks and stop information from leaking outside the Company, the Company also implements a range of measures, under the supervision of the General Manager of AI Promotion Division who is responsible for information security, to address various risks, such as external attacks on our computer systems via the internet, the unauthorized use of computer systems and viruses that target computer systems. Regarding security incidents, we have established a Computer Security Incident Response Team (CSIRT) and implemented a system to ensure appropriate response, including the establishment of countermeasure manual.
Additionally, SUMCO has established the Rules on Personal Information Management in accordance with the Act on the Protection of Personal Information to ensure that personal information is managed appropriately.

Safety Confirmation System

The SUMCO Group has introduced a "Safety Confirmation System" which enables quick conformation of the safety status of employees working in Japan. We think the system also helps speed up post-disaster recovery efforts.

Computer System-related Disaster Countermeasures

The Company has ensured redundancy for mission-critical and peripheral systems used on a company-wide basis, establishes equivalent backup servers and performs data synchronization in order to continue business operation even in the event that a server installation location is damaged by a large-scale disaster such as a major earthquake.
We conduct regular drills on switching to backup servers to confirm our switchover procedures and other details.



Katsuhito Asahi, Unit Leader
Nagasaki Safety and Disaster Prevention Section, General Affairs Department, SUMCO TECHXIV Corporation

Q. Please describe the status of implementation and the level of participation in the emergency response drills you conduct at the plant.

For integrated emergency response drills, we envisage a major earthquake measuring upper 6 on the intensity scale having occurred. With the disaster control headquarters comprised of key executives and managers we mainly confirm the actions taken in the initial response. In recent years we have focused the drills on confirming the safety of employees, searching for missing people, conducting rescue and relief activities, providing emergency medical care and selecting multiple safe evacuation routes from the perspective of placing the highest priority on human life. In fiscal year 2019, more than 400 people in Nagasaki Plant took part in the drills, a figure which suggests a heightened interest in disaster prevention among employees. We also conduct late-night emergency response drills for shift workers, envisaging a scenario in which a major earthquake strikes at night, including coordination with disaster-prevention centers . Each year when we conduct our emergency response drills, we ask the local Omura Fire Department to attend. In addition to reviewing the drills overall, the members of the fire department offer valuable insight and guidance on where we need to improve from their perspective as professionals. Moving forward, we will share these areas for improvement with employees through internal meetings, continue to coordinate with the local community with the aim of further raising our disaster mitigation and prevention levels, and ensure our capacity for self-help, cooperation, and public assistance in times of disaster.