Sustainability
Strengthen Risk Management
The RIKEN TECHNOS GROUP sees factors that affect the achievement of corporate goals as risks, and undertakes thorough risk management. Based on the RIKEN TECHNOS GROUP Basic Policy on Risk & Compliance, our basic policy for risk management and compliance is to practice the RIKEN TECHNOS WAY, comply with the Code of Conduct, ensure the soundness of management, ensure stable business continuity, prioritize human life, instill the spirit of compliance, and eliminate or mitigate factors that hinder stakeholder interests.
Riken Technos Group Basic Policy on Risk & Compliance
Table of Contents
Chapter 1 General Provision
Chapter 2 Risk Management System
Chapter 3 Risk Management Action
Indicators and Targets
| Indicators | Scope | Unit | FY2022 | FY2023 | FY2024 | Medium- to Long-term Target (FY2027) | Medium- to Long-term Target (FY2030) |
|---|---|---|---|---|---|---|---|
| Ratio of IT security lectures | non-consolidated | % | 91 | 97 | 98 | 100 | 100 |
Risk Management System
At the RIKEN TECHNOS GROUP, the Risk & Compliance Committee centrally and comprehensively manages risks faced by Group companies to enhance the effectiveness of risk management and further improve compliance. Besides identifying, analyzing, and evaluating the Group’s overall risks, the Committee understands critical risks, identifies risks requiring a priority response, and formulates countermeasures for those risks. Furthermore, the Committee identifies and evaluates human rights risks. The Committee carries out comprehensive risk management for the Group as a whole, such as confirming the progress of risk countermeasures every six months, making revisions to them, and instructing the relevant departments to carry out improvements, as necessary.
Risk Identification Process
Divisions and consolidated subsidiaries comprehensively identify risks that may affect their business operations to create a list of internal control risks at the start of the fiscal year. The Risk & Compliance Committee then integrates these risks and evaluates them in terms of probability and impact on business. Subsequently, the Committee identifies Group-wide risks requiring a priority response throughout the fiscal year that should involve the active participation of management.
To enhance Group governance (internal control), we implement risk management that is consistent Group-wide by understanding risks comprehensively across the entire Group and implementing a PDCA cycle for their countermeasures.
Improvement of Product Safety
Product safety is the responsibility of manufacturers, and we have kept this in mind since RIKEN TECHNOS was established. We are further enhancing our product safety measures and complying with the Japanese Product Liability Act. We have not had a single product liability issue with any of our products for which product liability is a special concern (our products for medical use or our products which have received public certification, such as UL certification).
The Product Safety Committee conducts activities to identify and reduce our risks, including compliance with the Product Liability Act and management of chemical substances. In addition to products for which product liability is a special concern, cases for which the overseeing department or the committee sees a need for risk identification and reduction are discussed by the committee to improve product safety.
Business Continuity Management and Response to Emergency Situations
The RIKEN TECHNOS GROUP anticipates various situations, such as natural disasters, cyberattacks, and political and geopolitical risks, to quickly and accurately respond to risks that are becoming more diversified and complex. We have established and are strengthening our business continuity management (BCM) structure to ensure a stable supply of essential products and business continuity. In this way, we strive to minimize management risk from business disruptions and improve the resilience of our entire supply chain. We also put in place a system for minimizing damage and losses by stating the organizational structure during emergency situations, the specific procedures for each employee, and other such matters in the Emergency Response Basic Regulations and Disaster Response Procedural Manual, and by conducting regular training.
Information Security
To strengthen cybersecurity measures, our Group has formulated the RIKEN TECHNOS GROUP Information System Management Regulations and the RIKEN TECHNOS GROUP Information Security Regulations. We are strengthening IT security and taking measures against the risk of information leakage and other risks. We also strive to minimize information security risks through access restriction, data encryption, and other methods, and have installed the latest protection system.
As an initiative to improve employees’ literacy, at the IT security lectures conducted annually for all employees, we share measures to prevent information security incidents, such as virus infection and information leakage, and the responses to take when an incident occurs. In addition, we conduct practical education through targeted email attack training.
Furthermore, we have established and are operating the RIKEN TECHNOS CSIRT as a system to lead cybersecurity incident prevention activities and measures against such incidents when they occur.
Management of Consolidated Subsidiaries
The Corporate Planning Division, as the division in charge of comprehensive business management of consolidated subsidiaries, ensures efficiency and soundness of Group management by providing consolidated subsidiaries with guidance on building internal control systems and promoting information sharing.
Our divisions receive the necessary reports about the situations at consolidated subsidiaries such as the state of management and the financial situation based on the RIKEN TECHNOS GROUP Regulations for Management of Consolidated Subsidiaries. The aforementioned regulations also state the report recipients and reporting method in the event of a risk occurring at a consolidated subsidiary to put in place a system for fast and appropriate response.
The Corporate Planning Division arranges an operational report meeting of consolidated subsidiaries, attended by the president & CEO and relevant executive officers, at least twice a year. The Division also holds an information-sharing meeting semi-annually, attended by all consolidated subsidiaries, to share information on the establishment of new Group regulations, amendments to existing regulations, risk events in the Group, and good-practice measures against these risk events, among others.