Risk Management

Basic Initiatives

We anticipate specific risks surrounding the entire Group from normal times and establish preventive measures against the losses caused by those risks. Furthermore, we take post-treatment measures and recurrence prevention measures to ensure the safety of employees’ lives and bodies and minimize losses even when risks become apparent.
Specifically, we create an environment in which preparations and measures necessary for business continuity and stable development can be taken effectively and efficiently by formulating Risk Management Policy and clarifying the definition of risk, management system, information management policy, etc. in Stanley.
In addition, we implement company-wide risk management such as risk analysis/identification and preparation of a risk aversion manual with the Risk Management Committee chaired by a Director playing a key role. Risk Management Committee is held regularly irrespective of whether or not an incident has occurred, and promotes the formulation and approval of “key risks” and “risk scenarios,” and communications of them to divisions and supervising departments. If a risk were to materialize, the Risk Management Committee would set up a BCP (Business Continuity Plan) Headquarters to take an integrated response to the occurrence of an incident.
We are currently reviewing our risk management system to ensure we are able to respond in a flexible and agile manner to various newly foreseen risks.

Risk Management Committee System

The Risk Management Committee anticipates specific risks surrounding the entire Group and establishes measures to prevent losses caused by such risks, as well as ensures safety in the event of crises and minimizes losses by taking measures in an effective and efficient manner to deal with the aftermath and prevents such events from recurring, to ensure continuity and stable growth of businesses.

Assumed Major Risks and Examples of Countermeasures

We regard events that have an unfavorable impact on management and business when they become apparent as “risk.”

Examples of major risks we assume

  • Natural disasters (earthquakes, typhoons, etc.)
  • Fire, explosion, and other unexpected incidents
  • Human resources and labor issues
  • Spread of infectious disease
  • Environmental pollution
  • Violation of laws and regulations (violation of Antimonopoly Act, product regulations, etc.)
  • On-the-job accidents
  • Bankruptcy of suppliers
  • Product liability
  • Compromise and leakage of information

Specific Risks Surrounding the Company

In recent years, natural disasters due to climate change caused by global warming have become more frequent in many areas. There are inherent risks, such as insufficient supply of raw materials and parts from suppliers and a decrease in customer production capacity, that may have a negative impact on our performance and financial conditions. In preparation for the possibility of such risks becoming apparent, we are working to minimize the impact by taking necessary measures for business continuity, such as a preliminary examination of the installation of disaster prevention equipment and production transfer implementation of disaster drills/BCP training, and others.
We also consider the risks posed by climate change using the analytical processes of the Risk Management Committee and monitor them regularly.

Information Security

Considering information security to be one of our important business challenges, we have in place the Information Security Basic Policy to protect personal information and other confidential information, and implement appropriate information security measures to ensure secure management.

Information Security Basic Policy

Stanley Group appropriately protects and manages important information based on the Stanley Group’s Code of Conduct. In doing so, we set activity targets with the goal of achieving the appropriate level of information security and work to improve the Stanley Group’s level of information security. Our Information Security Basic Policy is set out below.

  • 1

    Scope of application
    The information security management system (the “ISMS”) applies to all information assets related to our business activities.
    This policy applies to all of those who handle information assets owned by our employees, etc.

  • 2

    Handling of information assets
    Information assets refer to information and machines and structures that process information (including information systems and materials for system development, operation, maintenance and information services provided by service providers). They shall be maintained and managed in a well-balanced manner from the three perspectives of confidentiality, integrity and availability, and be effectively utilized.

  • 3

    Establishment, maintenance and improvement of the ISMS
    In order to establish and continuously maintain the ISMS, we shall establish relevant organizations and systems and carry out regular reviews, thereby ensuring continual improvement.

  • 4

    Implementation of information security measures
    We shall identify and quantify the threat and the vulnerability against the confidentiality, integrity and availability of information assets.
    Thereafter, we shall carry out regular risk assessments, and evaluate and continuously review our risk treatment.

  • 5

    Compliance with applicable laws and regulations
    Our employees shall comply with laws, regulations, social norms, contracts and internal regulations applicable in respect of handling information assets.

  • 6

    Education about information security
    We shall provide education and awareness necessary to ensure that the Information Security Basic Policy is complied with and information security measures are thoroughly implemented.

  • 7

    Incident prevention and response
    We work to prevent an information security incident from occurring, and in the event of the occurrence of an incident, we shall investigate the cause and promptly implement response measures. In addition, in the event of any breach of the information security, we will impose a severe punishment pursuant to applicable internal regulations, and shall take appropriate measures to prevent a recurrence.

Framework for Implementing Information Security Activities

At Stanley Electric, overall information security activities are controlled by the Information Security Secretariat established within the information systems department. General Managers of departments assume a role of Management Representative for information security, and implement information security activities of their own department together with information security personnel, network administrators and system administrators they appoint.
At the Group’s affiliates, they have the Information Security Secretariat in place, with their Presidents as Supervising Representatives for information security. As is in the case of Stanley Electric, General Managers of their departments assume a role of Management Representative for information security, and implement information security activities of their own department together with information security personnel, network administrators and system administrators they appoint.

Security Countermeasures on a Global Scale

In FY2023, we established a communication infrastructure that ensures security for the entire group. Two of our domestic and two overseas offices have also acquired certification under the industry standard for ensuring cyber security (TISAX) developed in Europe. We have enhanced security measures throughout us to comply with TISAX standards, and we plan to implement global security measures in the fields of IT and OT by the end of FY2025, including the development of systems and processes, as well as infrastructure that effectively utilizes technology.

To Governance