We at the Kyowa Kirin Group (hereafter referred to as "Our Group") have established the "Kyowa Kirin Group Risk Management Policy," based on which we are implementing risk management at all our Group companies. This Policy is enacted with reference to international standards such as ISO 31000 and COSO (The Committee of Sponsoring Organizations of the Treadway Commission).
Risk Management System
At our Group, risk management refers to a series of ongoing activities to identify and analytically assess risks that may affect management, respond to the risks, confirm the responses made, and make improvements to the responses. Updates on our risk management activities are reported at the quarterly Group CSR Committee meeting, where the effectiveness of the risk management is verified. These activities are also reported to the Board of Directors.
The situations that inhibit the achievement of our management goals, we define as "crises" those that may have a profound impact and require a rapid response. In addition, we define "crisis management" as activities to minimize the impact when risks turn into crises. We prioritize human life and health, and act quickly and accurately with the aim of minimizing the impact of the crisis and promptly returning to normal business operations.Especially, we think it crucial to quickly report the detection of the crisis sprout to the superiors or the department in charge of crisis (called "Bad News Fast") and to verify the firm execution of the prevention measures by monitoring.
Business Continuity Plan
We have a Business Continuity Plan (BCP) as a means of fulfilling our CSR by ensuring continued merchandise production and shipment even in the event of difficulties faced in continuing our normal business activities due to a disaster or accident. New ideas and know-how gained through our disaster drills and workshops are reflected in our company-wide BCP guideline, BCP basic plans and BCP action plans for constant improvement.
To manage the information assets appropriately, the Kyowa Kirin Group has established the "Group Information Security Policy," under which it has established the "Group Information Security Management Regulations" and "Regulations for Confidential Information Management."
Pursuant to such policies and regulations, we designate a manager to oversee our information security across our Group, as well as departmental managers in charge of information security at each department. We also implement education and training to raise awareness of information security risks among employees and make rigorous efforts to ensure appropriate management of information.