At Renesas we understand that early identification and analysis of Group-wide risks and early responses to resolve them are vitally important management issues, and we are continually working on strengthening our risk management.
Risk Management System
We have established a group-wide risk management system based on the “Renesas Electronics Group Risk and Crisis Management Regulations”. We regularly maintain this system against risks that may occur; for each type of risk, a department is put in charge of crisis management and conducts the day-to-day risk management. We also identify and group risks in advance and represent them realistically in our Risk Map, while formulating contingency measures to prevent those risks, as well as systems and response policies for when such risks occur. Furthermore, in the event of an emergency, we establish an Emergency Response Headquarters (ERHQ) led by our CEO, which brings information together, proposes countermeasures, and takes measures to minimize losses.
Renesas Group's Risk Management System
Emergency Task Force
Renesas Group Risk Management Control Flow
We disclose business risks identified by Renesas' Risk Management System led by our CEO in the “Business Risks” section of our 21st Annual Securities Report (in Japanese). Please refer to the table below for detailed descriptions of emerging risks we expect to have the greatest impact and our planned actions to minimize the impact on our business operation.
|Name of the Emerging Risk||Natural disaster/accident risk (Fires and explosions at production sites)
|Description||Large-scale earthquakes can not only damage Renesas Group’s facilities and equipment but also can disrupt and even stop our operations.||A fire, explosion, or other problems at our production sites can delay product shipments, reduce the shipment volume, and even suspend shipments.||Renesas Group or its customers may be sued for patent infringement by a third party. The result of the lawsuit may prevent the Group from manufacturing and selling its products in certain countries or regions and make Renesas liable for damages to third parties or customers.||Defects, anomalies, or failures in the product that cannot be discovered at the time of shipment may result in the return or replacement of the product, compensation for loss, or discontinuation of use of the product, which could adversely affect our business results and financial condition.|
Formulation and Implementation of Our Business Continuity Management (BCM) Plan
There are many risks that threaten economic and social activities, such as the worldwide spread of COVID-19 in 2020, or natural disasters such as frequent large-scale earthquakes and typhoons. We have a Business Continuity Management (BCM) plan as an integral part of our efforts to strengthen our risk management system so that even if such events occur, business activities will not be interrupted and the supply chain will not be impacted. All Renesas Group companies work together to formulate and promote our BCM plan in order to ensure the safety of employees, a stable supply of materials and services, and the conservation of operational resources.
We are currently carrying out a comprehensive inspection and review of our BCM plan, drawing on our experience of the damage to manufacturing sites caused by the Great East Japan and Kumamoto Earthquakes, as well as the predicted damage scenarios of an earthquake directly beneath the Tokyo metropolitan area and a Nankai Trough Earthquake (note), to further strengthen the plan. Specifically, these measures include a review of restoration operations after a disaster (restoration procedures, clarification of personnel in charge, etc.), measures to enhance earthquake resistance at manufacturing sites in preparation for large-scale earthquakes, the establishment of alternative production networks in case a manufacturing site is impacted by such disasters, and strengthened risk communication with our customers even in normal times.
Each department involved in these issues has developed and implemented the aforementioned countermeasures sequentially. These measures are also shared across the entire Group, thus enhancing our business continuity capabilities and fulfilling our social responsibilities.
Note: Based on the estimated impact caused by either a Nankai Trough Earthquake, a Subduction Zone Earthquake around Japan Trench and Chishima Trench, an earthquake directly beneath the Tokyo metropolitan area, or earthquakes directly beneath the Chubu and Kinki areas, which have all been listed by the Japanese Cabinet Office as large-scale earthquakes likely to occur in the near future.
Information Security Policy
Society’s trust is vital to any business. We established an Information Security Policy in order to appropriately protect not only information entrusted to us by our customers and business partners, but also all information assets handled by our Group.
- Compliance with Laws and Regulations
We strictly adhere to all laws, national guidelines and regulations related to information security, and company regulations.
- Operational System
We have built an operational system for information security measures and will continue to both maintain the system and implement improvement activities.
- Management of Information Assets
In order to ensure information security, we have established and will continue to manage the correct handling of information assets in accordance with their importance.
In order to raise the awareness of all our employees and executives, we provide education on items that need to be implemented in everyday operations, including laws and regulations related to information security, governmental guidelines or company regulations. We also share how our information security management system works with our customers.
- Accident Prevention and Response in the Event of an Accident
We strive to prevent information security accidents from happening. In the unlikely event of an accident, we will take measures to minimize its impact, investigate the cause promptly, and take appropriate measures to prevent any recurrences.
Renesas has robust executive oversight for its ongoing security program.
- The Security Council led by CEO and the Chairman of the Board
- Information Systems Division led by CISO and Senior Director of Global Information Security
- Testing and Vulnerability Management
Our most recent assessments include:
- Annual external infrastructure and web application penetration testing (May 2023)
- Annual cybersecurity incident response exercise (September 2022)
- Annual cyber controls assessment (April 2022)
- Employee Training
We recognize that employee education is crucial and provide training and refreshers on cybersecurity best practice to all employees of Renesas and its subsidiaries. We have been conducting Cyber Security Awareness Training throughout 2023.