Risk Management

Basic Stance

The Toyota Boshoku group is working to carry out risk assessments, comprehensively reinforce risk management and reduce risks in order to respond swiftly to major risks including management risk, risk in daily operations, risk associated with disasters and accidents, risk arising from the external environment such as global warming and water, risks relating to corruption (such as bribery, cartels (agreements upon bids, prices, allocating the supplier and any item to avoid competition among with competitors), embezzlement, and conflicts of interest), and social reputation risk.*

  • Risk of losing societal trust

Risk Management Activities

Centered on the Chief Risk Officer (CRO), regions, the Corporate Operation unit and other functions are working together to counter the various business risks and implement a PDCA (plan-do-check-action) cycle for risk management activities. In order to prevent and minimize damage, Toyota Boshoku strives to identify and manage risks in an integrated manner, and share risks across the whole group.
We have established the Risk Management Promotion Meeting to globally promote risk management activities related to business activity execution risk and business continuity risk at the Toyota Boshoku group, which convenes twice a year.
We are performing even more effective risk management activities, including monitoring the status of risk response by the Board of Directors.

The risk management system and associated activities

Figure:The risk management system and associated activities

Evaluation points for materiality-impacting risks (Impact level)

By managing risks from the perspective of improving corporate value over the medium- to long-term, we are able to prevent risks before they occur.

Materiality Evaluation points
  • 1. As an Interior Space Creator we will contribute to people’s quality of life, creating comfort, safety, and reassurance through innovation
Stable supply
  • 2. Using our established technical capability, we will contribute to realize a society with no traffic casualties through providing products that assure safety
Product safety
  • 3. Together with our business partners, we will realize MONOZUKURI innovations that minimize environmental stress
Environmental impact
  • 4. We will develop people capable of contributing to society, who have diverse values, a challenging spirit and understand the value of strong teamwork
Occupational safety
  • 5. We will continue to be a company of integrity trusted by all our stakeholders, inheriting our tradition of fairness and moral behavior to the next generation
Compliance

Response in the event of a crisis

Crisis levels

When a crisis occurs in the Toyota Boshoku group, the crisis level is determined according to the situation. We then appoint an appropriate chief of the disaster control headquarters, and set up a response system based on the crisis level.

Level Chief of the disaster control headquarters
Level A
(Serious crisis)
President
(Comprehensive Countermeasures Headquarters)
Level B
(Major crisis)
Chief Officer or Segment Chief of the Segment to which the department and region with responsibility for said risk(s) belongs
(Countermeasures project)
Level C
(Individualized response crisis)
Chief of department with responsibility for individual said risk(s), subsidiary company president
(Countermeasures team)

Crisis response system (in case of Crisis Level A)

Figure:Crisis response system (in case of Crisis Level A)

Main Actions Taken against Priority Risks in Fiscal 2025

Risk Main actions taken in fiscal 2025
Earthquakes
  • Evacuation drills, drills for setting up a company-wide disaster response headquarters, on-site in-house firefighting organization drills
  • Promotion of Business Continuity Management (BCM) activities, etc.
Cyberattack
  • Enhancement of company members' awareness of security (security training, targeted e-mail drills)
  • Strengthening of security measures at affiliates/suppliers inside and outside Japan
  • Automatic disconnection of PCs and servers suspected of being infected with viruses from the network, etc.
Fraud damage
  • Prevention of past problems recurring, activities to have this established/entrenched
  • Implementation of training by job level, various training programs, audits, etc.
Falsification or concealment of quality/testing data
  • Internal hearings, periodic supplier inspections, establishment of a quality-related misconduct prevention mechanism, establishment of a system for checking certified work, education on quality fraud prevention, and awareness-raising through introduction of fraud cases among other companies at the Global Quality Learning Center (GQLC).

Global Priority Risks in Fiscal 2026

Based on the results of the risk assessment for fiscal 2025, we selected global priority risks for fiscal 2026.

Risk map formulation process

Considering the risk environment surrounding the Toyota Boshoku group, CRO and others selected (drafted) the global priority risks based on:
(1) results of risk analysis and assessment by the department responsible for risk;
(2) risks considered important by external organizations, etc.; and
(3) information on crises that have emerged within the Toyota Boshoku group.
These global priority risks were then discussed and finalized by the Risk Management Promotion Meeting.

4 Global priority risks in fiscal 2026

  • Earthquakes
  • Fire and explosion
  • Cyberattack
  • Geoeconomic risk

FY2026 risk map

Figure:risk map

Education and training

To enhance understanding of risk management activities and risk sensitivity, risk management training has been provided since fiscal 2022 for risk management personnel in the departments responsible for risk and at affiliated companies (inside and outside Japan).

Initiatives to enhance risk sensitivity

In fiscal 2025, we conducted training to strengthen self-help skills in the event of a disaster, and to deepen knowledge of economic security, cyberattacks, and dark part-time jobs (known as “yami baito” in Japanese; part-time jobs that make those who are recruited unwittingly complicit in criminal activities).
In addition, we regularly issue a risk management newsletter to share various risk cases within the Toyota Boshoku group and alert our company members to its publication.

Business Continuity Management (BCM) Activities

We are promoting BCM activities to enhance the effectiveness of the Business Continuity Plan (BCP), and build mechanisms to realize continuous improvement in normal times. In addition, we are carrying out activities including periodic evacuation drills, drills for setting up a response headquarters, emergency communication drills using safety confirmation tools, and stockpiling supplies for local residents.

Confidentiality Management and Information Security

The Toyota Boshoku group considers the appropriate management of confidential information to be a key element of our business activities. We have both created a group-wide Information Security Policy and assembled a global confidential information management system. Additionally, we are working together as one group to systematically and continuously strengthen our information security.
In addition, once a year, the Company and its consolidated subsidiaries inside and outside Japan collaborate to inspect the status of information security initiatives using the security guidelines, thereby improving internal systems, rules, education, and technical measures to ensure the same level of security on a global basis. In addition to the establishment of systems, we believe in the importance of education, and regularly conduct activities to raise company members’ security awareness such as through e-Learning training and drills in targeted e-mail.
The security guidelines are based on ISO 27001/27002, NIST (the United States’ National Institute of Standards and Technology) Cybersecurity Framework, the Cybersecurity Management Guidelines of Japan’s Ministry of Economy, Trade and Industry, etc., and are periodically reviewed to ensure they are responsive to changes in the environment.
We also update our confidentiality management rules and related procedures, and have introduced an internal information leak detection system to counter the risk of confidential information leaks.
Particularly in recent years, we are focusing not only on in-house countermeasures, but also on close cooperation with group companies and suppliers to prevent weak spots emerging in any part of the supply chain. In order to counteract increasingly sophisticated and diverse cyberattacks, we are enhancing our specialized knowledge, and proactively providing explanations and proposals addressing the importance of confidentiality management and information security, along with specific countermeasures.
Also, we are working in unity with group companies and suppliers, aiming to further strengthen security measures.
Going forward, we will treat thorough protection of safety and security throughout the supply chain as a top priority issue, and aim to further advance by strengthening our activities each year.

Information Security Policy

Structure of activity promotion with consolidated subsidiaries

Figure:Structure of activity promotion with consolidated subsidiaries

Specific confidentiality management actions undertaken

●Training of company members

1. Carrying out training for personnel in charge of confidentiality management / personnel responsible for confidentiality management in each Toyota Boshoku division (once a year)
2. Carrying out intra-division training using audio-based training materials posted on the intranet by personnel in charge of confidentiality management / personnel responsible for confidentiality management in each Toyota Boshoku department (once a year)
3. Carrying out various levels of training at Toyota Boshoku, including upon joining the company, upon receiving promotion, etc. (each training once a year)
4. Carrying out e-Learning training (twice a year) for all company members in the Japan region, including officers

●Educational activities

1. Posting information on the intranet, showing videos in cafeterias, displaying informational and caution-prompting message upon startup of personal-use PCs at Toyota Boshoku (twice a month)
2. Carrying out activities designed to improve awareness and understanding during Confidentiality Management Month* at Toyota Boshoku (October)

  • Carrying out distribution of CHRO (Chief Human Resource Officer) messages, workplace self-inspections, workplace discussions, etc.

●Drills

1. Targeted e-mail drills conducted by the Toyota Boshoku group except in certain regions (6 times a year)
2. Cyber incident response drills at Toyota Boshoku (once a year)

●Audits

1. On-site audits* by personnel in charge of confidentiality management at Toyota Boshoku (once a year)

  • Compliance with confidentiality management rules are confirmed on a Genchi-Genbutsu (go, see & study) basis

●Strengthening Japanese affiliates

1. Toyota Boshoku visits affiliated companies in Japan to conduct on-site checks on the status of confidentiality management, identify any problems at each company and resolve them

●Provisions in line with our security guidelines [Toyota Boshoku]

1. Systematic management planning (preparation of systems and rules, etc.)
2. Human resource management planning (training for company members, simulation training, etc.)
3. Technological management planning (improper system access/computer virus countermeasures, restoration measures, security surveillance, etc.)
4. Physical management planning (controlling access to relevant rooms/areas, etc.)
5. Preparation of response systems for accidents and hostile acts