Risk Management

Basic Stance/Policy

THK has established a risk management structure that anticipates future circumstances, enabling management to take appropriate risks by identifying, analyzing, and responding to conceivable risks from the perspective of management and the company as a whole.

Policy

We facilitate assertive governance with elements of bold risk-taking.

Risk Management Committee

The Risk Management Committee convenes annually and is headed by the CEO. The committee, which is attended by outside directors and legal counsel, approves the annual activity plan and works to establish, promote, and maintain the risk management structure by controlling risks throughout the entire Group.

Risk Management System
Figure

Activities and Results (Including Goals)

Risk Management Activities

We prevent risks and minimize losses by instituting controls for risk categories, managing and reducing unavoidable risks, and otherwise managing risks across the entire Group in order to facilitate assertive governance with elements of bold risk-taking.

2018 Activities

Scroll left or right to view.

Activity Purpose Description
Maintaining a BCP promotion structure that will continuously reevaluate our BCP and ensure its practicality
  • Established a BCP Promotion Council under the Risk Management Committee
Reviewing our risk management structure related to everyday risk prevention and properly controlling risks
  • Identifying, classifying, analyzing, evaluating, and reviewing risks, and reporting results to directors
Verifying suitability of holding cross-held stocks
  • Verifying medium- to long-term financial sense and future outlook of primary cross-held stocks
Investment subcommittee studies
  • Conducting studies that act to support appropriate risk-taking

Establishing the BCP Promotion Council

We held our first BCP Promotion Council meeting in June 2018, inviting an expert to give a seminar about establishing a sound earthquake BCP plan to relevant staff from our production facilities and sales division.

Reviewing risk assessments

We have performed risk assessments to appropriately control our business risks. More specifically, we created a risk map and evaluated risks by identifying known risks in each department, categorizing them, and calculating their likelihood and impact. The results of those assessments were analyzed by the Risk Management Committee and reported to the Board of Directors.

Other

In April 2018, we held a lecture for new THK Group employees in Japan (114 high school graduates and 66 college graduates) covering our CSR and compliance activities. It was an opportunity for those employees to learn what a corporation’s social responsibilities are along with the basics of compliance before being assigned to their respective branches.

Information Security

Information security management

The Information Security Committee, chaired by the CEO, has been in place since 2006, and the organization, authority, and roles and responsibilities of its members are clearly defined in the committee’s regulations. This committee makes decisions concerning policies related to the establishment of information security systems, and it deliberates on responses to information security concerns.

In 2018, the activities below were conducted to strengthen information security.

Strengthening Information Security

Scroll left or right to view.

Activity Description
Training
  • Providing online training about personal information
Sending out alerts
  • Sending information about e-mail scams
Surveying and correcting current conditions
  • Internal information security audits (4 locations in Japan)
Measuring results
  • Self-survey on information security
GDPR compliance
  • Information session for staff in charge
  • Data mapping and checking for compliance
  • Establishing a privacy policy and internal rules
  • Appointing a DPO (Data Protection Officer)
System countermeasures
  • Monitoring and updating anti-virus software
  • Preventing unauthorized access and transmissions
  • Detecting and preventing intrusion of targeted e-mail attacks from external sources

GDPR compliance

The GDPR (General Data Protection Regulation) is a new framework for protecting the personal information of individuals living within the European Economic Area (EEA) and governs the processing1 and transferring2 of such data. At first glance, the GDPR may seem irrelevant outside of the EEA. However, because of corporate globalization, Japan and many other countries outside of the EEA are affected.

To understand how personal information was being processed and transferred at our locations in Japan and the EEA, we closely examined the areas that handle relevant personal information. Based on the results, we established a privacy policy and internal rules that comply with the GDPR. We have established a global framework for protecting personal information and properly manage the information we possess based on our policy and rules.

  • 1 Processing: Any act done to personal information (collecting, storing, disclosing, viewing, deleting, etc.)
  • 2 Transferring: Moving the personal information of EEA residents out of the EEA

BCP

Basic Stance/Policy

As a component manufacturer, THK is responsible for supplying parts to customers, no matter the situation. We have formulated a BCP (business continuity plan) to minimize damage and ensure a rapid business recovery in the event of a disaster, such as a large-scale earthquake (an earthquake registering at least 6 Lower on the seismic intensity scale, or one that brings about significant destruction).

Policy

As a company that supports industry around the world, it is our essential social responsibility to minimize any negative impact on society by fulfilling our responsibility to supply parts even in the event of unforeseen disasters.

Activities and Results (Including Goals)

BCP Strategies for a Large-Scale Earthquake
Activity Description
Servers
Earthquake-proofing
Emergency supplies
Safety drills

BCP measure: Maintaining main and backup servers in separate data centers

All of our data is stored and managed at two data centers in Japan to function as backups so that our sales and production activities can continue even after an earthquake or other natural disaster.

BCP measure: Practicing switching to backup servers in case main servers were to go down (once per year)

We have a schedule for rehearsing the process of switching over to backups in the event of a problem with our main equipment due to an earthquake or other natural disaster. We use a combination of practicing with the actual equipment and tabletop exercises with the staff in charge.

Earthquake-proofing: Installing equipment to prevent toppling of shelves that hold components, fixtures, and tools (Production facilities)

At our production facilities, we install equipment to prevent the toppling of storage shelves.

We also install seismic isolation systems for important machines, production tool racks, and more.

Image
Coordinate measuring machine with seismic isolation system installed

Earthquake-proofing: Installing equipment to prevent toppling (Sales offices)

We earthquake-proof items by installing equipment to prevent them from toppling.

Image
Cabinet with equipment installed to prevent toppling

All production and sales facilities: potable water, food, sanitary items, emergency supplies, and rescue equipment

All business locations are equipped with emergency supplies.

Image
Emergency supply room at the Yamagata plant

Safety drill: Annual drills at all locations

All production facilities perform emergency drills.
Sales offices perform emergency drills according to their tenant requirements.

Image
Fire-fighting exercise
Image
Nighttime emergency drill

Emergency drill: Annual satellite phone test

We regularly perform a satellite phone test at all locations to ensure communication in the event of a phone line service interruption during a disaster. We conducted a test in February 2018 and confirmed our system was operating normally.

PAGE TOP