The Otsuka group carries out risk management under the supervision of top management based on the recognition that pursuing management efficiency and controlling the risks inherent in its business activities is key if it is to enhance corporate value.
Risk Management System
In establishing a risk management system for the Otsuka group, we have put in place Risk Management Policy and set up Risk Management Committee comprising director in charge of administration, President and Representative Director (as chair), and others. Leveraging the controls put in place by each risk management department, Risk Management Committee assesses and comprehensively manages the risks that jeopardize the enhancement of the group’s sustained corporate value.
We individually assess risks in each of our businesses. The risk management officer performs analyses and evaluation, formulates and executes action plans with the aim of meeting objectives and targets for the organization, and periodically implements employee training with reference to events that could pose a risk within the organization. Training related to topics such as corruption prevention and the protection of human rights based on the Otsuka Group Global Code of Business Ethics is also part of this approach. We also regularly hold drills to prepare for unexpected contingencies like disasters.
Business Continuity Planning and Management
The Otsuka group has business continuity plans (BCP) in place to ensure that the group continues to operate as effectively as possible and can maintain a stable supply of products, even when large-scale earthquakes and disasters strike. From the perspective of business continuity management (BCM), Otsuka Holdings and the group companies have jointly constructed a group-wide business continuity framework. We have gradually expanded the scope of this framework since acquiring ISO22301 certification in August 2012 for the production and stable supply of medicinal products, beverages, and foods. We then acquired certification for the stable supply of infusion solutions in April 2015, followed by the stable supply of anticancer drugs in May 2016. The acquisition of ISO22301 certification demonstrates that from a BCM standpoint, our organization is equipped with infallible business continuity capabilities. Through collaboration mainly between Otsuka Pharmaceutical, Otsuka Pharmaceutical Factory, Taiho Pharmaceutical, and Otsuka Warehouse, we are making every effort to strengthen our countermeasures and systems so that the Otsuka group as a whole can continue its business activities as best as possible and guarantee stable product supply even during times of disaster. In 2018, our major group companies jointly conducted a desktop simulation drill on the assumption of an earthquake with an epicenter directly below Tokyo. The drill provided an opportunity to test out our collaborative framework based on the topic of ensuring stable product supply.
In striving to raise the level of, and constantly improve, comprehensive security across the group, we set up Otsuka Group Information Security Committee to facilitate the sharing of up-to-date security information and the examination of specific security measures. In order to counter the risk of cyber-attacks, the Otsuka group employs a number of measures, such as arranging system security audits by external specialists, diagnosing website vulnerabilities, conducting drills related to targeted email attacks, and monitoring posts on social media. In addition, the group conducts regular emergency drills with a focus on core systems which construct data. The Otsuka group has established a management system to protect sensitive personal information of its customers and has acquired personal information protection management system (PrivacyMark) certification and information security management system (ISMS) certification for its businesses where appropriate. Otsuka also established its EU General Data Protection Regulation Compliance Policy in 2017 concerning General Data Protection Regulation (GDPR) as part of groupwide initiatives on information security.