At Renesas we understand that early identification and analysis of Group-wide risks and early responses to resolve them are vitally important management issues, and we are continually working on strengthening our risk management.
Risk Management System
We have established a group-wide risk management system based on the “Renesas Electronics Group Risk and Crisis Management Regulations”. We regularly maintain our risk management system for possible risks that may occur, and for each one a department will be put in charge of crisis management according to the type of risk, and that department will conduct the day-to-day risk management. We also attempt to identify and group risks in advance that are then represented realistically in our Risk Map, while at the same time formulating contingency measures to prevent those risks, as well as systems and response policies in the event of such risks happening. Furthermore, in the event of an emergency, we establish an Emergency Response Headquarters (ERHQ) led by our CEO, which brings information together, proposes countermeasures, and takes measures to minimize losses.
Renesas Group's Risk Management System
Emergency Task Force
Renesas Group Risk Management Control Flow
Formulation and Implementation of Our Business Continuity Management (BCM) Plan
There are many risks that threaten economic and social activities, such as the worldwide spread of COVID-19 in 2020, or natural disasters such as frequent large-scale earthquakes and typhoons. We have a Business Continuity Management (BCM) plan as an integral part of our efforts to strengthen our risk management system so that even if such events occur, business activities will not be interrupted and impact the supply chain. All Renesas Group companies work together to formulate and promote our BCM plan in order to ensure the safety of employees, ensure a stable supply of materials and services, and also the conservation of operational resources.
We are currently carrying out a comprehensive inspection and review of our BCM plan, drawing on the experiences from damages to the manufacturing sites caused by the Great East Japan and Kumamoto Earthquakes, as well as the predicted damage scenarios of an earthquake directly beneath the Tokyo metropolitan area and a Nankai Trough Earthquake (note) to further strengthen our BCM plan. Specifically, these measures include the review of the restoration operations after a disaster (restoration procedures, clarification of personnel in charge, etc.) as well as measures to enhance earthquake resistance in manufacturing sites in preparation of large-scale earthquakes, the establishment of alternative production networks in case a manufacturing site is impacted by such disasters, and also strengthened risk communication with our customers even in normal times.
Each department involved in these issues has developed and implemented the aforementioned countermeasures sequentially. These measures are also shared across the entire Group, thus enhancing our business continuity capabilities and fulfilling our social responsibilities.
Note: Based on the estimated impact caused by either a Nankai Trough Earthquake, a Subduction Zone Earthquake around Japan Trench and Chishima Trench, an earthquake directly beneath the Tokyo metropolitan area, or earthquakes directly beneath the Chubu and Kinki areas, which have all been listed by the Japanese Cabinet Office as large-scale earthquakes likely to occur in the near future.
Information Security Policy
Society’s trust is vital to any business. We established an Information Security Policy in order to appropriately protect not only information entrusted to us by our customers and business partners, but also all information assets handled by our Group.
- Compliance with Laws and Regulations
We strictly adhere to all laws, national guidelines and regulations related to information security, and company regulations.
- Operational System
We have built an operational system for information security measures and will continue to both maintain the system and implement improvement activities.
- Management of Information Assets
In order to ensure information security, we have established and will continue to manage the correct handling of information assets in accordance with their importance.
In order to raise the awareness of all our employees and executives, we provide education on items that need to be implemented in everyday operations, including laws and regulations related to information security, governmental guidelines or company regulations.
- Accident Prevention and Response in the Event of an Accident
We strive to prevent information security accidents from happening. In the unlikely event of an accident, we will take measures to minimize its impact, investigate the cause promptly, and take appropriate measures prevent any recurrences.
- Renesas has robust executive oversight for its ongoing security program.
- We have a comprehensive testing and vulnerability management regime.
- We recognize that staff training is crucial and have regular training and refreshers on cyber security best practice.