Risk Management Basic Policy
The Advantest Group will conduct measures to minimize damage should any of the following events occur:
- If damage is caused to buildings or facilities, or if networks and systems stop functioning, thereby making it difficult to continue our business operations, or if there is the possibility of this type of situation occurring due to a disaster or accident;
- If there is the danger of one of our executives or employees being killed or injured or their life or physical health is put at risk due to a disaster or accident;
- If there is an occurrence of scandal or incident that has the potential to become a matter of social concern; or,
- If any event other than those described above were to occur that could cause a significant impact on the business of the Group or its affiliates due to a disaster or accident.
Approach to Materiality in Customer Privacy
|Supervising division||Legal/security departments|
|KPI||Number of claims related to informational security|
|Material Reasons||Information that we receive from our customers and business partners is information that should be socially protected and it is also thus an informational asset for the company. We recognize the proper protection and management of this information as vital.|
|Relevant complaint processing policy||We accept contact such as inquiries and complaints at the email address below that is publicized externally.
Risk Management System
In December 2001, Advantest established a Risk Management Group with the Company's president as its head. The Risk Management Group will convene when any of the above events occur, and will consolidate information flows, evaluate the problem, direct the initial response, and formulate recovery plans. The Group will remain in operation until recovery is complete.
Risks associated with Advantest's business are shown below.
Practice of Risk Management
Advantest is identifying risk related to each sector and affiliate company, conducting risk assessment to determine how to respond to risks and building a risk management system with the Internal Control Committee at the core.
We will monitor the state of our risk management and practice the plan-do-check-action cycle to review and improve the system in the future.
- Risks identified by risk assessment: 302 risks
To prevent a decline in productivity due to a change in leadership and prevent a decline in the failure tolerance of designs, risks that have been rectified are registered and shared as design information to respond.
Cultivating a Risk Management Culture
Advantest conducts risk management education for every employee for the purpose of correctly recognizing and properly handling risks the company faces.
Employee Training Conducted in FY2017
|Name of Training||Scope||Attendance Rate|
|Code of Conduct Training||Advantest Group||100.0%|
|Anti-corruption and Bribery Prevention Training||Advantest Group||100.0%|
|Intellectual Property Management Training||Advantest Group||99.4%|
|Occupational Health and Safety||Employees in Japan||97.0%|
|ISO14001 Environmental Education||Advantest Group||99.8%|
|Specialized Chemical Substance Training||Employees who interact with chemical substances||100.0%|
Business Continuity Plan
Advantest Corporation established the following basic policy during fiscal 2007 in preparation for large-scale natural disasters. We have devised our business continuity plan based on this policy.
Business Continuity Plan (BCP) – basic policies
- We will place top priority on ensuring human safety should a major disaster strike.
- We will fulfill our responsibility to our stakeholders by ensuring that any impairment to our operations has a minimal adverse impact on our suppliers and other stakeholders.
- We will cooperate with local bodies in regular disaster prevention measures, and if a disaster should strike near any of our locations, we will contribute to local recovery.
After the Great East Japan Earthquake in March 2011, we began reviewing our disaster prevention arrangements. In fiscal 2012, we revised our Business Continuity Plan (BCP) to take into account the possibility of an earthquake directly under Tokyo and flooding along the Tone River, and to ensure the integrity of our supply system even in the event of such disasters. Within the BCP, the following measures are stipulated in line with the basic policy.
|Basic Policy||Specific Measures|
|1. Ensuring human safety||In addition to continuing with regular disaster prevention drills and safety confirmation drills, we will strengthen crisis management and business continuity systems, making human safety the top priority.|
|2. Fulfillment of supply responsibilities||When an earthquake occurs, supply systems at our main manufacturing plant (i.e. the Gunma Factory) will continue. In the case of a flood, it is assumed that supply systems will be maintained at alternative manufacturing sites.|
|In preparation for cases where workplace attendance is temporarily impractical because of damage to offices or infrastructure, we will establish an environment allowing high-priority work to be done from home.|
|3. Regional & social contributions||Our Gunma R&D Center has been designated by the town of Meiwa as an evacuation shelter in case of flooding, and we contribute to the area by keeping the site ready for flood evacuees.|
Measures Implemented in fiscal 2017
In 2017, management reviews were conducted about the role, policies, and state of activities in August due to restructuring of the Risk Management Group. In these activities each quarter, we examined BCP training such as safety that includes the building and equipment related to disaster prevention training in addition to secondary disaster prevention inspections as well as organized and shared information for the initial response of supervisors and each person in charge of business locations. We also conducted training to confirm the safety of our employees in Japan three times to quickly register the safety of each and every employee.
Furthermore, we strengthened our communication methods by installing wireless IP to communicate between business establishments during emergencies as well as conventional satellite telephones.
Information Security Management Policy
Advantest is fully aware that information we receive from suppliers and information pertaining to our technical and sales operations are important assets; to effectively manage this information we pursue information security practices that include developing regulations, constructing control systems and providing employee training.
Policies and rules relating to information security
Organization of Information Security Management System
Advantest regards implementation of information security controls as a key management issue, and has accordingly assigned the Senior Executive Officer to act as Information Security Officer responsible for such systems on a global basis.
Moreover, we have set up a system that enables our offices in respective countries to autonomously address information security issues. Under this system, Regional Information Security Officers posted in respective countries bring a variety of viewpoints to the table in the course of deliberating on potential information security measures to be applied on a group-wide basis, and also when considering which policies and rules should be adopted, or otherwise revised or abolished.
Specifically, the head of each Group company's administration division has been assigned to the position of Regional Information Security Officer, responsible for security management in their respective regions. Meanwhile, members from related divisions in respective countries have been tasked with implementing information security measures.
Organization of Advantest Group Information Security management
Information Security Training
Going forward, we intend to continue developing more practical content and offering more pragmatic training through learning activities that entail repeated exposure to information security rules and content covering key topics in that regard.
Training/Awareness Raising as Part of the Information Security Training
- Targeted email threat training: 2
- Awareness raising for all employees: 1
- Informational broadcasts to raise awareness: 15
Initiatives for Strengthening Information Security
In fiscal 2011, we adopted a system whereby internal audit divisions perform information security audits, which enables us to conduct more objective rules-based checks and provide feedback to divisions that have been audited.
In updating our rules governing access to information equipment, we dropped requirements stipulating that employees must use encrypted PCs only, and now allow them to use thin client computer platforms through which they can perform work in secure environments without the prospect of leaving traces of data behind after use. Also, we made sure that our uniform Group-wide guidelines for business-related use of smartphones enable our employees to draw on such devices effectively in a business context, and in a manner that facilitates better customer service.
We also undergo security assessments and vulnerability tests via an external agency as an objective evaluation of our information security measures. We are then refining points to improve security based on those results to strengthen our level of security.
Confidential Information Protection
Our Information Security Basic Policy defines confidential information as that which has been disclosed by clients under contract along with that which is important to the company; moreover, the policy stipulates that such information be handled in accordance with relevant regulations.
Accordingly, we are committed to ensuring that confidential information is not divulged outside the company by ensuring that it is protected through use of adequate controls governing its storage, disclosure and handling. In fiscal 2017, there were no incidents involving the unauthorized disclosure of important confidential information, etc.
Personal Information Protection
We consider the confidentiality of all personal information entrusted to us to be very important, and accordingly we take steps to ensure that such information is properly protected and managed. In fiscal 2017, there were no incidents involving the unauthorized disclosure of important personal information, etc.
Our commitment to safeguarding personal information entails posting personal information managers in divisions handling such duties, and furthermore ensuring that those managers properly carry out their duties in regard to overseeing such information. Furthermore, we perform regular audits of personal information control and use practices in the respective divisions, and make improvements whenever deficiencies are discovered.
In Group companies outside of Japan, Regional Information Security Officers work to protect and manage personal information in accordance with the laws, regulations, and demands of each respective country or region.