Corporate Governance and Internal Control System
As a member of the Kyocera Group, Kyocera Document Solutions has established the following system of corporate governance and internal controls to ensure that the execution of their duties by directors complies with all laws and regulations as well as its articles of incorporation, and to achieve sound, fair, and highly transparent corporate governance based on the Kyocera Philosophy and Management Rationale.
● Corporate Governance System
Corporate Governance System
Our corporate governance organization includes appointed Audit & Supervisory Board members. In addition to responding to requests for reports from Audit & Supervisory Board members, a director will immediately notify Audit & Supervisory Board members in the event that he or she has discovered any violation of laws, regulations, or the company's articles of incorporation, or any occurrence or the possibility of an occurrence that might cause significant damage to the corporate group. In order for Audit & Supervisory Board members to be able to conduct their audits effectively, directors will ask them to attend important meetings and inspect minutes, contracts, and other documents when requested.
Internal Control System
We have established a system of internal controls to ensure that the directors who execute our operations adequately adhere to our management rationale and master plan as they aim to achieve our management rationale.
Important matters are deliberated on by the Management Committee, which consists of directors and the heads of relevant departments, in order to ensure operations are performed appropriately.
Risk Management System
● Risk Management System
In order to respond to diversifying internal and external risks, we have established a risk management system in accordance with the Kyocera Group Basic Policy on Risk Management, and are working on risk prediction and prevention as well as the minimization of losses when risks arise.
Working under the supervision of the president, who is the chief executive officer, the head of the Corporate General Affairs Division oversees risk management while the Risk Management Department and divisions responsible for various types of risks conduct risk management activities. In the event that a serious incident occurs or is likely to occur, the Risk Management Department and divisions responsible for various types of risks work together to quickly respond to the incident.
Additionally, we have established internal rules, including management rules regarding important laws and regulations as well as a crisis management manual that stipulates measures to be taken in the event of an emergency, and have made these rules and regulations available to all employees.
Business Continuity Plan (BCP)
We are strengthening our business continuity initiatives along with ongoing disaster management activities to ensure that we can continue to supply products and services to customers in the event of an emergency. In Japan, we have strengthened our initial response system in the event of a major earthquake or disaster and have built a system to ensure a stable supply of products and services even when production is affected by power outages or damage to production facilities. We conduct annual BCP drills at the Hirakata(Osaka) and Tamaki(Mie) Plants, covering everything from initial response to recovery, so that we can take appropriate action in the event of a large-scale earthquake.
We have clear basic rules all employees must follow when handling information assets as well as a management system in place to ensure that information assets are used in a secure and efficient way.
Managing technical and personal information is one of the most important responsibilities a company can assume in fulfilling its social responsibilities. We have established Information Security Basic Policy and Personal Information Protection Basic Policy to ensure that the handling of information is strictly managed.
We maintain the Digital Information Security Committee chaired by the president and implement measures across the globe, including regular employee training, management of information devices taken out of the office, and the strengthening of e-mail security. On top of that, the legal audit department and the IT department conduct regular audits to bolster our information security system.
- FY 2021 Initiatives and FY 2022 Plan
In fiscal 2021, we worked on strengthening information security across the globe. We implemented next-generation security measures for PCs and servers in order to prevent infection from unknown malware and installed devices with network monitoring functions at major sites to detect suspicious communications using AI all with the aim of thoroughly preventing information leaks. At our production sites, we revamped wireless networks with possible vulnerabilities due to the use of outdated equipment by changing communication protocols and replacing devices. On top of that, we implemented stricter management practices for using external storage media in order to prevent malware from spreading across the network through the inadvertent use of external storage media.
In fiscal 2022, we will implement 24/7 malware detection and quarantine to prevent the spread of infection, with the assumption that we've already been infected, in order to better prepare us for increasingly sophisticated cyberattacks. Also, now that cloud services are widely used within the company as we move ahead with DX*, we will control data leakage in the cloud and unauthorized access to the cloud to enhance the security of online communications. At our factories where production processes are increasingly automated, we will implement security measures for control devices and monitor production line networks to improve the security of IoT devices. We will also work with the internal audit department to conduct information security audits designed to strengthen the governance of our affiliates.
* DX stands for digital transformation.
It is the process of using data and digital technologies to transform products, services, and business models to meet the needs of customers and society as well as business operations, organizations, processes, and corporate culture and climate to establish a competitive advantage in response to rapid changes in the business environment.
As a member of the Kyocera Group, we adhere to the Kyocera Compliance Statement and Kyocera Employee's Action Guideline as our code of conduct. To ensure compliance with domestic and foreign laws and regulations, we designate a department to be in charge of relevant laws and regulations, inform employees immediately of the enactment or revision of laws and regulations, and conduct regular legal audits.
- Keeping Up-to-date with Legal Information
The department in charge of laws and regulations reviews the provisions of new and revised laws and regulations in order to ensure thorough legal compliance, reflects them in the management rules of each department, and keeps everyone up-to-date.
- Legal Audits
The legal audit department regularly conducts legal audits of each department to maintain and improve our compliance system.
Security Export Control and Trade Control System
We have established a system that conforms to the Foreign Exchange and Foreign Trade Act, the Customs Act, and other laws and regulations in order to ensure compliance with laws and regulations related to import and export transactions. The Kyocera Document Solutions Export Control Regulations ensure secure export control as required by the Foreign Exchange and Foreign Trade Act. We have acquired specified exporter and importer authorization from customs and carry out import and export processes based on control procedures associated with trade-related operations. We conduct internal audits on secure export control and trade control to ensure that the system is being properly maintained.
Personal Information Protection
Preventing Insider Trading
We have an insider trading monitoring system and ensure all employees are aware about preventing insider trading. We have also established rules to prevent insider trading, which requires the maintenance of an internal information management system and restricts the buying and selling of stocks. In order to raise employee awareness, a guide to preventing insider trading has been published and made available via the internal web portal.
Efforts to Exclude Antisocial Forces
The Kyocera Employee's Action Guideline, which serves as a code of conduct for employees in their daily work, clearly states that we will take a resolute stance against antisocial forces in accordance with the law, and ensure that this policy is strictly enforced. We also have a clause in our contracts with customers and suppliers to exclude antisocial forces.
Every year we provide compliance education to new employees, while each department provides education on relevant laws and regulations (e.g., antitrust laws, laws concerning secure export control and customs).
We maintain an internal whistleblower system that allows employees to report any violation or potential violation of laws and internal regulations related to human rights, labor, safety and health, the environment, and fair trade as well as to ask questions or seek consultation. Upon receiving a report from an employee by phone or e-mail, our full-time Audit & Supervisory Board members and the head of the Corporate General Affairs Division will inform him or her of our approach to the protection of personal privacy, etc. and work with the relevant departments to conduct investigations and verification, take corrective measures, and prevent any recurrence.
We also accept the inquiry from our business partners from the below link.
As a member of the Kyocera Group, we are working to eradicate corruption by prohibiting activities that deviate from general good business practices, including forms of bribery, such those involving the giving or acceptance of excessive gifts or entertainment, in accordance with the Kyocera Group Basic Policy on Anti-Corruption.
Kyocera's internal audit department conducts internal audits of our Group companies and evaluates their internal control frameworks and systems with an aim of improving their internal controls. Annual audits of internal controls are also conducted by external auditors.