Home > CSR > CSR Performance > Fair Operating Practices > Risk Management and Compliance

CSR - Corporate Social Responsibility
Committed to People, Committed to the Future.

Risk Management and Compliance


At Toshiba, throughout our worldwide operations, we strive to ensure compliance with laws and regulations, social and ethical norms, and internal rules. Giving top priority to human life and safety and to compliance in everything we do underpins our commitment to promoting business activities through fair competition and serving the interests of customers to the best of our ability.
We consider thorough adherence to the Toshiba Group Standards of Conduct (SOC), which embody the Basic Commitment of Toshiba Group, to be the foundation of our compliance. Thus we are working toward making the SOC an integral part of the entire Toshiba Group.

To Top

Management Structure

In order to ensure thorough risk compliance management at Toshiba, a board member is assigned the responsibility of overseeing risk compliance.
If a serious noncompliance incident occurs, we swiftly consider how to deal with it and take the necessary action in the risk compliance system.
As part of reorganization of corporate staff divisions, we set up a Risk Management Division in October 2013. Accordingly, to enhance the effectiveness of risk management, the Technology & Production Compliance Committee, Sales Compliance Committee, and Information Security Committee that had been separately operated were consolidated into the Risk Compliance Committee.
Furthermore, we endeavor to reinforce risk compliance management by closely examining ways to prevent SOC violations and the recurrence of similar incidences through cooperation among the relevant divisions.

Management Structure

Management Structure

*1 The Risk Compliance Committee manages matters related to the Toshiba Group Standards of Conduct and matters related to risk management (including matters required for the prevention of significant crisis risk, compliance related to technology, production, and sales activities, and thorough implementation of information security).
*2 CPL is an abbreviation combining CL (contractual liability) and PL (product liability)
*3 The In-house Company Technology & Production Compliance Committee can be integrated with other committees such as the Company Risk Compliance Committee.

To Top


Booklets on Toshiba Group Standards of Conduct in various languages
Booklets on Toshiba Group Standards of Conduct in various languages

Toshiba Group has drawn up the Toshiba Group Standards of Conduct (SOC) in 16 languages and distributed copies to overseas subsidiaries for compliance training.
With a view to ensuring compliance with the SOC, Toshiba Group provides various education programs such as education based on the needs of different organizational levels and job functions including new employees, as well as seminars on compliance topics for top executives. We also provide e-learning for all employees on a continual basis.
In FY2013, we provided e-learning programs on bribery, illegal transactions, improper payments, and other topics in order to ensure thorough group-wide compliance with laws and regulations.
For overseas subsidiaries, we have 1) developed e-learning materials on competition laws and bribery for local subsidiaries in Europe, 2) provided education on anti-trust laws and bribery using other companies’ examples and explained key points of risk management for local subsidiaries in China, and 3) provided compliance education for local subsidiaries in Asia.

Activity Example: Developing various measures to promote rigorous compliance

Trainer education for subsidiaries in Asian countries
Trainer education for subsidiaries in Asian countries

In light of global regulatory trends, Toshiba has been making rigorous efforts to prevent cartelization and bribery. In FY2013, the Company continued to step up its initiatives to ensure thorough compliance.
Specifically, the initiatives involve Toshiba Group companies worldwide performing self-audits based on two Toshiba- developed guidelines: one on antitrust and the other on anti-bribery. Through these audits, Toshiba Group aims to identify compliance levels at the companies concerned and to provide thorough compliance education.
Furthermore, in addition to other activities currently underway, among our efforts to enhance our global compliance structure, we have placed managers of legal affairs in major global regions since October 2013 to enhance compliance and support subsidiaries in such regions. This has been done in order to appropriately control legal risks associated with relevant anti-trust laws, bribery, and the like and ensure thorough compliance in global business, which has been expanding mainly in emerging countries.
Toshiba promotes rigorous compliance with business-related laws and regulations by providing education, effectively utilizing databases that contain relevant information, and performing periodic self-audits.
In addition, Toshiba’s compliance initiatives are objectively evaluated by outside lawyers once a year. We make improvements to reduce risks pointed out by third parties in order to continue to enhance our compliance structure.

To Top

Response to Compliance Violations

In the event of a major noncompliance incident, Toshiba investigates all facts to identify the cause of the violation, treats the facts seriously, and handles such violations rigorously by imposing appropriate disciplinary sanctions on the offenders or implementing other such measures. It makes every effort to prevent recurrence and discloses information in a proper and timely manner as necessary.
In FY2013, Toshiba Group designated "Corporate Social Responsibility (CSR)" as a subject for its CSR workplace meetings. Thus, the Group continues to make efforts to promote its CSR management to contribute to the resolution of global social problems through its business activities by giving the top priority to human life, safety, and legal compliance on a Group-wide basis.

To Top

Whistleblower System

In January 2000, Toshiba established a whistleblower system to collect internal information on SOC violations, particularly those concerning laws and regulations, and to deal with wrongdoing through a self-rectification system. Under this system, an employee can report an incident and seek advice. In April 2006, Toshiba also set up a supplier whistleblower system to receive reports from suppliers and business partners to prevent SOC violations by employees in charge of procurement and order placements for construction and other works.
By putting in place systems to receive reports from inside and outside the company, Toshiba anticipates that the system will play a role in deterring SOC violations in addition to self-rectification. Toshiba Group companies have also introduced a similar whistleblower system.

Toshiba’s Whistleblower System

Toshiba’s Whistleblower System

Operational Status of the "Risk Hotline" in FY2013

The numbers of reports received and consultations undertaken by the "Risk Hotline" in FY2013 are as follows.

Number of reports received by the "Risk Hotline" (FY2013)
Number of reports received (within parentheses: anonymous reports)
Reports received by internal secretariat 57 reports (32 reports)
Reports received by attorney’s office 4 reports (3 reports)
Total 61 reports (35 reports)

Response Status

Of the reports received, those reporting inappropriate situations or concerns about inappropriate situations were reported to the relevant division so that instructions for improvement could be provided or alerts could be issued.
In cases involving consultations and questions about duties of the informants themselves, we gave advice on how to deal with the situation.
For reports other than the anonymous reports described above, we explained the status of our responses to the informants, in principle.
Except in cases in which consent has been obtained from employee, confidential adviser (at the internal secretariat or attorney’s office) never disclose the names or contact addresses of the informants.

To Top

Compliance Situation Inspection and Audit

The Legal Affairs Division periodically communicates with the Corporate Audit Division in order to confirm the state of implementation with respect to the various compliance measures. Based on the actual state of implementation, steps are taken to enhance the effectiveness of management audits and the audit results are reflected in compliance measures.
Every year Toshiba conducts an intranet-based employee survey on the Toshiba Group Standards of Conduct(SOC). The results are used in formulating measures for enhancing awareness on compliance.

Developing measures to continue breaking relationships with anti-social groups

In 1997, the Board of Directors resolved to end relations with anti-social forces such as sokaiya (groups of racketeers). In 2006, Toshiba Group revised its Standards of Conduct to state expressly that it refuses all involvement in the business activities of such forces. Since then, the Group has strictly dealt with approaches from third parties to obstruct our lawful and appropriate corporate activities.
In addition, in order to further ensure that all relations with anti-social forces, including business transactions, are cut off, all Toshiba Group companies have taken various measures, such as reviewing their contract clauses on the exclusion of dealings with crime syndicates, holding seminars with lecturers invited from outside the Group, and educating all employees about the need for compliance in this area. Toshiba Group also works with the police, corporate attorneys, and third-party organizations such as the National Center for the Elimination of Boryokudan to establish systems that enable us to respond to approaches from anti-social forces in an appropriate and timely manner.

Activity Example: Fostering a compliance-oriented culture through workplace meetings

Meeting at which participants actively exchange opinions
Meeting at which participants actively exchange opinions

Toshiba Group places the highest priority on “life, safety, and compliance” as part of its CSR management. Each workplace holds meetings focusing on CSR to raise the awareness of each and every employee with regard to compliance matters so as to make compliance an integral part of the corporate culture.
These meetings aim to prevent SOC violations by encouraging managers and employees to discuss various problems that are likely to arise in the workplace and to share their thoughts with each other in order to create a work environment where they can easily seek advice on all kinds of problems.
In FY2013, meetings were held on topics concerning compliance related to “Corporate Social Responsibility (CSR)” as well as other topics, such as “Proper use of Social Media”.
In addition, having created a database to compile information about the implementation status of the meetings as well as by soliciting the frank opinions of employees via their workplace managers, we are now able to monitor the level of compliance awareness at each workplace and to develop new measures in the future.

To Top

Political Contributions

The Toshiba Group Standards of Conduct stipulates that Toshiba Group shall not provide inappropriate benefits or favors to any politician or political organization.
In the case of offering political contribution, procedures in accordance with internal rules are followed as well as compliance with the Political Funds Control Law in case of Japan is strictly ensured.

Toshiba Group Standards of Conduct 7. Bribery

To Top

Business Continuity Plan (BCP)

Failure to respond appropriately to large-scale disasters such as earthquakes, typhoons, and floods could result in the long-term closure of operations, triggering significant financial losses, ultimately affecting our stakeholders.
Toshiba implements measures to ensure the safety of employees and their families, support recovery of devastated areas, and maintain business sites and factories. In addition, Toshiba continually updates its Business Continuity Plan (BCP) covering those businesses that have large social and economic impacts in order to minimize any interruption in the supply of goods and services in the event of natural or other disasters such as an influenza pandemic.
Following the Great East Japan Earthquake, Toshiba Group reviewed the damage expected under our BCP, which we had worked out on a nationwide scale starting in 2007. Based on the revised assumptions, the Group is confirming ways to ensure the safety of all employees at each business site and taking measures to ensure business continuity.

Developing measures to provide a stable supply of parts based on BCP procurement guidelines

In response to the Great East Japan Earthquake and the floods in Thailand, both of which occurred in 2011, Toshiba’s procurement division is aiming to establish a more disaster-resistant procurement system.
In order to respond to the risk of supply chain disruption in the event of an emergency, the division included “ensuring continuous supply when an unforeseen disaster occurs” in its procurement policy and has asked suppliers for their cooperation. In addition, the division is working on risk assessment and risk hedging daily in accordance with the BCP Procurement Guidelines. It also considers procurement from diverse suppliers and from wider geographical areas to be one of its most important measures and aims to minimize the risk of supply chain disruptions and to reduce the amount of time required for resolving supply chain disruptions. In 2012, the procurement division built a system for managing information on upstream suppliers in the supply chain. Global implementation of this system has reinforced the Group’s ability to respond to emergencies.
In addition to these initiatives, the division works with related divisions to cope with other risks such as unavailability of products containing rare earths and power shortages caused by the suspension of operation of nuclear power stations.

To Top

Support for Customers’ Business Continuity

In July 2012, Toshiba Community Solutions Company and Toshiba Solutions Corp. built the Tokyo No.2 Data Center. It features the latest seismic base-isolating systems, and is located in the least earthquake-prone area of Tokyo. In January 2013, it opened the Sapporo Data Center, which will be used as a remote backup facility. In order to support customers' business continuity, the company will provide safe and secure cloud computing services via technologies allowing for no-fuel-supply datacenter operation and disaster recovery among others.
In February 2014, Toshiba Personal & Client Solution Company commoditized technology for detecting hard disk drive failures in advance, started offering solution. Collecting and accumulating data obtained from notebook PCs on the number of HDD read errors and the length of operating time as well as data from failed HDDs and analysis of large amounts of data thus obtained has enabled the company to detect failure risk in advance, contact the administrator. This technology allows backups of HDD data before the HDD fails, preventing important data from being lost at the customers and thereby contributing to ensuring business continuity.

To Top