Risk Management
- Why SUMCO Addresses Risk Management
-
The Silicon wafer business is a critical industry that supports our IT-oriented society, and the SUMCO Group is responsible for the stable supply of silicon wafers to semiconductor device manufacturers around the world. For this reason, the SUMCO Group regards business continuity as a key management concern.
The Business Security Committee (BSC), which is an organization responsible for company-wide risk management, identifies, analyzes and assesses risks, implements countermeasures and promotes risk management activities including the formulation of business continuity plans (BCP), with the aim of predicting risks in advance, preventing them from being realized and minimizing damages when a risk is realized. - Risk Management Basic Policy
-
SUMCO has set forth basic matters pertaining to risk management in the Basic Rules on Risk Management, under which we undertake risk management activities.
Our basic approach to responding to risks involves the following two points.- Prioritize the handling of risks by likelihood of occurrence and severity of impact from the viewpoints of ensuring optimum allocation of management resources and the effectiveness of risk management.
- Minimize damage and loss by preventing the suspension or discontinuation of business activities to ensure business continuity in the event of an accident or other emergency situation.
SUMCO's Risk Management Framework
1. Risk Assumptions and Identifying Risk
SUMCO analyzes risks that could impact business continuity for SUMCO's departments, plants, offices, and SUMCO Group companies, identifies the level of impact for each risk, and assigns priority to each risk in accordance with the Basic Rules on Risk Management mentioned above. Risks which pose a major threat to business continuity are defined in the Basic Rules on Risk Management.
When taking on a new business as well, we use a same process to analyze business risk and assign priority.
Major Risks Recognized in the Basic Rules on Risk Management
- Risks Related to General Management
Examples: Contractual disputes, investment in new businesses, geopolitical risks - Risks Related to Accidents and Disasters
Examples: Earthquakes, wind and flood damage, water and electric power service interruptions - Risks Related to Discontinuation of Business
Examples: Fire, equipment accidents, production impediments, disruptions to raw material procurement, massive shortage of operators due to pandemics or other factors, mission-critical systems failure - Risks Related to Compliance
Examples: Antitrust violations, violations of laws related to corruption and anti-corruption, violations of employment and labor standards-related laws and ordinances, violations of environmental regulations - Risks Related to Information
Examples: Leaking of trade secrets, network shutdowns - Risks Related to Intellectual Property
Examples: Infringing upon intellectual property rights or suffering infringement - Risks Related to Human Resources, Employment, and Human Rights
Examples: Labor issues, human rights violations, harassment, occurrence of scandals, crimes and other incidents - Risks Related to Taxation and Accounting
Examples: Funding impediments, rapid exchange rate fluctuations - Risks Related to Products and Services
Examples: Quality issues, complaints - Risks Related to Safety and Health
Examples: Industrial accidents, employee’s health issues due to outbreak of infectious disease or other factors - Risks Related to the Environment
Examples: Pollution, environmental accidents - Risks Related to Credit
Example: Bankruptcy of a customer
2. Determining Policy with regards to Risk Countermeasures and Reporting the Status of Such Countermeasures
Responsibility for each risk is allocated between departments according to the priority established in (1) above, and the policy on risk countermeasures is determined via discussion within a company-wide committee known as the BSC (Business Security Committee). The BSC meets every year, with not only the Chairman & CEO and other senior management in attendance, but also responsible members of each department, factory, plant and group companies worldwide. It decides company-wide policy regarding risk management, deliberates and determines risk prevention measures, discusses responses on cross-department risks and new risk phenomenon and exchanges a broad range of information about risk management in general.
- BSC's Structure and Objectives
3. Response to Each Risk
Each department, factory, plant, and SUMCO Group company responds to risk in accordance with the policy confirmed by the BSC, creates a business continuity plan (BCP; described later) and other necessary frameworks, and implements training and other regimens designed to improve response in emergency situations. In this way, we strive to prevent risks from manifesting, minimize damage and strengthen business continuity. The status of risk countermeasures is reported to the BSC mentioned above each year and reviewed by the senior management.
Ensuring Business Continuity
Our Basic Rules on Risk Management define business continuity as an important management issue, and we have been working to develop and improve our BCP (business continuity plan) to ensure business continuity.
The details of the BCP, and its state of improvements, the results of trainings and drills, and other matters are reported on the BSC, and the BSC verifies the effectiveness of the BCP, and determines policies on future action to be taken. Each department and group company improves the BCP further according to the policies.
Every year, SUMCO confirms procedures to transfer head office operations elsewhere, the implementation status of drills and exercises carried out by each department and issues to be addressed in the future based on the assumption of a large-scale earthquake beneath the Tokyo metropolitan area which leads the disfunction of Tokyo Head Office. We continue with activities aimed at further enhancing the readiness of the head office's BCP.
We also conduct integrated emergency response drills at each plant, which include activities such as evacuation, firefighting, reporting, rescue, emergency relief and transportation in the event of a disaster such as an earthquake. In addition to those drills above, we also conduct regular BCP training to confirm procedures and the contents of the BCP and enhance our response capabilities. Continuous improvements are made by reviewing the training results, identifying issues, and revising procedures and other contents after conducting the drills. For example, at the Miyazaki Plant of SUMCO TECHXIV Corporation, practical simulation training was conducted in anticipation of the Nankai Trough Earthquake, leading to the confirmation and improvement of disaster BCP procedures. Furthermore, at each site, we are implementing measures to minimize damage and ensure swift recovery in the event of a disaster such as an earthquake. This includes facility improvements such as installing earthquake-resistant measures seismic reinforcement and stockpiling necessary tools, materials and equipment to promptly resume production.
Improvement in Emergency Response Capability
The SUMCO Group has established a manual to enable speedy response, ensure employee safety, protect company assets and restart business operations as soon as possible in the event of a large-scale earthquake or other disaster/accident. The manual sets out items concerning the preparation of stockpiles for disaster prevention, the initial response to be taken at each site after a disaster has struck, as well as the establishment and roles of an Emergency Response Team in the event of an emergency. Additionally, we regularly conduct initial firefighting drills such as the handling of fire extinguishers and fire hydrants, and training on the employment of lifesaving measures such as CPR and AED usage, in order to reduce damage in the event of a disaster. We also conduct exercises such as carrying drills using cloth stretchers to simulate an evacuation by stairs to further enhance employees' ability to respond in an emergency.
Additionally, at our Kyushu Factory we periodically conduct joint response drills with suppliers that deliver chemicals to our sites so that all involved can take safe and smooth action in the event of a leakage of chemicals during delivery.
Information Management
The Company understands the importance of information in business operations and clearly stipulates the appropriate use and management of our trade secrets and all other information including confidential information received from others in the SUMCO Charter of Corporate Conduct. We have also established the Rules on Information Management along with related regulations, guidelines and other materials. We make every effort to appropriately manage and prevent leaks of our trade secrets and confidential information received from customers, suppliers and other parties by conducting regular training for all employees on these information management rules and information security.
In an effort to prevent computer system-related leaks and stop information from leaking outside the Company, the Company also implements a range of measures, under the supervision of the General Manager of AI Promotion Division who is responsible for information security, to address various risks, such as external attacks on our computer systems via the internet, the unauthorized use of computer systems and viruses that target computer systems. Regarding security incidents, we have established a Computer Security Incident Response Team (CSIRT) and implemented a system to ensure appropriate response, including the establishment of a countermeasure manual.
Additionally, we conduct regular CSIRT training exercises to prepare for potential security incidents.
Furthermore, SUMCO has established the Rules on Personal Information Management in accordance with the Act on the Protection of Personal Information to ensure that personal information is managed appropriately.
Safety Confirmation System
The SUMCO Group has introduced a "Safety Confirmation System" which enables quick conformation of the safety status of employees working in Japan. We think the system also helps speed up post-disaster recovery efforts.
Computer System-related Disaster Countermeasures
The Company has ensured redundancy for mission-critical and peripheral systems used on a company-wide basis, establishes equivalent backup servers and performs data synchronization in order to continue business operation even in the event that a server installation location is damaged by a large-scale disaster such as a major earthquake.
We conduct regular drills on switching to backup servers to confirm our switchover procedures and other details.