Global

Home > About TOSHIBA > CSR > ESG Performance > Governance > Risk Management and Compliance

CSR - Corporate Social Responsibility
Committed to People, Committed to the Future.

Risk Management and Compliance

Toshiba Group places the highest priority on "life, safety, and compliance" as part of its CSR management.
We are making concerted efforts to regain public trust and rebuild Toshiba, such as our "Reform of management mind set" programs targeted at senior management. In order to respond appropriately to changes in laws, regulations and ordinances across the world, the globalization of management and the diversification of business, Toshiba Group is enforcing global compliance with laws and regulations, internal rules, social and ethical norms, and advancing our risk compliance activities.

Medium- to Long-term Vision

  • We aim to regain the trust from all of our stakeholders under a new management and governance system.

FY 2016 Achievement

  • We held three awareness-raising training sessions for officers and top management to improve the awareness of top management.

Future Challenges and Approaches

We will develop organizations and systems required to maximize our corporate value and to strengthen governance for the company split scheduled for July 2017 and beyond. After the split, each business company will become an independent legal entity. However, we will continue our risk management and compliance policy for Toshiba Group as a whole.

To Top

Policy on Risk Management and Compliance

On March 15, 2017, Toshiba Corporation's shares were designated as "securities under supervision (under examination)." On the same day, Toshiba re-submitted a verification of its internal control system to the Tokyo Stock Exchange and the Nagoya Stock Exchange. The verification included additional improvement measures, such as enhancing monitoring with strengthened risk management and governance, as well as raising awareness about not only legal compliance but also overall compliance. We will continue to implement measures to prevent recurrence and will make efforts to improve compliance of and governance over the associated companies, which contributed to the continued designation of Toshiba's shares as securities on alert and as securities under supervision (under examination). At the same time, we will develop a robust profit structure in order to regain the trust of all our stakeholders, including shareholders and investors. To that end, we will implement the Toshiba Rebuilding Initiative, a management policy plan focused on the following: stronger internal controls and a reformed corporate culture; decisive action on business structural reform; a review of the business portfolio and operational structure; and reform the financial base.

At Toshiba, throughout our worldwide operations, we strive to ensure compliance with laws and regulations, social and ethical norms, and internal rules. Giving top priority to human life and safety and to compliance in everything we do underpins our commitment to promoting business activities through fair competition and serving the interests of customers to the best of our ability.

We consider thorough adherence to the Toshiba Group Standards of Conduct (SOC), which embody the Basic Commitment of Toshiba Group, to be the foundation of our compliance. Thus we are working toward making the SOC an integral part of the entire Toshiba Group.

Furthermore, in order to respond to changes in the business environment, such as new technologies and growing supply chains in developing countries, and to the diverse and ever-changing risks that arise when conducting business activities, we are striving to prevent risks in advance, and to minimize losses from individual incidents.

To Top

Structure of Risk Management and Compliance

At Toshiba, we appoint a Chief Risk Compliance Management Officer (CRO) to oversee risk compliance management at the whole company, in order to enforce it at a cross-company level. We also have a dedicated Risk Compliance Group installed in the Legal Affairs Division. We are working to respond to whistleblower reports and to achieve global compliance, and are advancing effective risk compliance activities.

There is also a Risk Compliance Committee chaired by the CRO and attended by the executive officers of corporate staff divisions. The Committee analyzes whistleblower reports and cases both inside and outside the company, and identifies vulnerabilities in risk compliance management based on risk tables that cover the entire management environment. It also reviews activities from the preceding fiscal year, and deliberates on priority measures and monitors activities for the immediate fiscal year.

Each in-house company is advancing its own priority measures for risk compliance, determined by a risk-based approach, in addition to the priority measures common to the whole company.

In the event of a serious risk compliance issue, there is a system in place by which the relevant in-house committees, etc. promptly evaluate and implement countermeasures. Furthermore, we carry out sensitivity analyses at management meetings, etc. of the correlation between key risks and management, taking into account business risks and risks in the market, as well as compliance risks and environment-related risks such as climate change, so that we can concentrate our investment strategically in order to achieve Toshiba's goal: "Growth through Creativity and Innovation."

In March 2016, Toshiba established a new Accounting Compliance Committee. Its purpose is to aggregate finance- and accounting-related information, and to identify signs that might point to inappropriate financial reporting, doing both in timely fashion, and to detect risks that threaten internal control at an early stage.

The President and CEO is the head of the Accounting Compliance Committee, and the Audit Committee and the Internal Audit Division act as observers. Together they assess the risk of financial statements not being created or disclosed properly, and the risk that internal control, whose role is to support the reliability of financial reports, is not functioning effectively. Having done this, they supply information needed to prevent these risks, and discuss and decide on measures to deal with them.

Business risks and other risks are disclosed in the securities report.

Risk Management and Compliance Committee as of March 2017

Risk Management and Compliance Committee as of March 2017
  • *1 The Risk Compliance Committee manages matters related to the Toshiba Group Standards of Conduct and matters related to risk management (including matters required for the prevention of significant crisis risk, compliance related to technology, production, and sales activities, and thorough implementation of information security).
  • *2 CPL is an abbreviation combining CL (contractual liability) and PL (product liability)
  • *3 The In-house Company Technology & Production Compliance Committee can be integrated with other committees such as the Company Risk Compliance Committee.

Whistleblower System

In order to create an open work environment, Toshiba is enhancing its whistleblower system, on top of preventing risks by stimulating day-to-day communication in each workplace.

In January 2000, Toshiba established a whistleblower system to collect internal information on SOC violations, particularly those concerning laws and regulations, and to deal with wrongdoing through a self-rectification system. Under this system, an employee can report an incident and seek advice. In addition to the internal office, a reception hotline was set up at an external attorney's office in January 2005, primarily to receive information about potential legal violations. In April 2006, Toshiba also set up a supplier whistleblower system to receive reports from suppliers and business partners to prevent SOC violations by employees in charge of procurement and order placements for construction and other works.

Furthermore, in October 2015, the new Audit Committee Hotline was set up, which allows people to report directly to the Audit Committee, which is composed of outside directors. With this new system, even matters in which the involvement of top management is suspected can be safely reported. The Audit Committee also has access rights to the Risk Hotline, and provides appropriate guidance and supervision.

All Toshiba Group companies have implemented a whistleblower system. The whole Group has been directed to ensure the anonymity of the whistleblower for his/her protection, and, if the whistleblower is an employee who was himself/herself involved in the relevant reported act, to take into account as much as possible the fact of his/her coming forward when deciding what internal disciplinary action should be taken.

In December 2016, we delivered a message from the President to all employees of Toshiba Group companies in Japan to emphasize that we place the highest priority on respecting our customers and ensuring compliance. We also encouraged employees to actively use the whistleblower system in order to make sure that our policies are implemented.

Toshiba's Whistleblower System

Toshiba's Whistleblower System

Operational Status of the "Risk Hotline" in FY2016

The numbers of reports received and consultations undertaken by the "Risk Hotline" and "Audit Committee Hotline" in FY2016 are as follows.

We notified employees about the existence of the system and its assurance of strict anonymity through e-learning. We also reported on whistleblower cases to the whole company on a number of occasions. As a result, the number of employees using the Risk Hotline increased by 82% from 263 in FY2015.

Number of reports received by the "Risk Hotline"
FY2015 Number of reports received(within parentheses: anonymous reports) FY2016 Number of reports received(within parentheses: anonymous reports)
Reports received by internal secretariat 204 reports (121 reports) 389 reports (235 reports)
Reports received by attorney's office 4 reports (1 report) 12 reports (7 report)*
Total 208 reports (122 reports) 399 reports (240 reports)
  • * Including duplicate reports received by the internal secretariat
Number of reports received by the "Audit Committee Hotline"
October 2015 to March 2016 Number of reports received (within parentheses: anonymous reports) FY2016 Number of reports received (within parentheses: anonymous reports)
Total 55 reports (41 reports) 80 reports (53 reports)

Response Status

Of the reports received, those reporting inappropriate situations or concerns about inappropriate situations were reported to the relevant division so that instructions for improvement could be provided or alerts could be issued.

In cases involving consultations and questions about duties of the informants themselves, we gave advice on how to deal with the situation.

For reports other than the anonymous reports described above, we explained the status of our responses to the informants, in principle.

Except in cases in which consent has been obtained from employee, confidential adviser (at the internal secretariat or attorney's office) never disclose the names or contact addresses of the informants.

Out of the whistleblower reports, cases that everyone should bear in mind are taught as part of employee training. In order to protect whistleblower anonymity, such cases are presented without any names.

The number of reports received is released regularly on the company's internal website.

To Top

Compliance Training

Seminer for senior management
Seminer for senior management

At Toshiba, the President issued a message to all employees, expressing a firm commitment to implementing the corporate governance reform discussed by the Management Revitalization Committee. He also expressed that he would work to the best of his ability to revive Toshiba Group. In an effort to change the mindset of top management, we held awareness-raising training sessions for officers and top management four times in FY2015 and three times in FY2016, with a total of 603 executives participating in the FY2016 sessions. The company also held seminars by rank and function for employees to enhance the effectiveness of accounting compliance. Toshiba plans to continue these seminars.

In addition, following the previous fiscal year, we provide accounting compliance education through e-learning to deepen employees' understanding about the importance of financial reporting and cash flow management. In FY2016, all employees (approximately 100,000) of 144 consolidated subsidiary group companies in Japan and approximately 2,300 executives of 128 overseas group companies participated in the seminar.

Making the Toshiba Group Standards of Conduct Available to All Employees

Toshiba Group has created Standards of Conduct (SOC) in 24 languages and made them available on the company's internal website. Various compliance education programs that incorporate the SOC have been included in the level-based training, occupation-based training and senior management seminars. We are also continuing our education programs, such as e-learning and educational leaflets, for all employees.

Fostering a Compliance-oriented Culture through Workplace Meetings

Each workplace holds meetings focusing on CSR to raise the awareness of each and every employee with regard to compliance matters so as to make compliance an integral part of the corporate culture.

These meetings aim to prevent SOC violations by encouraging managers and employees to discuss various problems that are likely to arise in the workplace and to share their thoughts with each other in order to create a work environment where they can easily seek advice on all kinds of problems.

The theme in FY2016 was "Towards Creating a Better Work Environment." Employees discussed what they often experience and what they need to change in their workplaces. Approximately 85,000 employees at 8,000 workplaces in Japan participated in discussions.

In addition, by soliciting the frank opinions of employees via their workplace managers, and sharing analysis results and key opinions within the company, we monitor the level of compliance awareness at each workplace and develop new measures for the future.

Meeting at which participants actively exchange opinions

Meeting at which participants actively exchange opinions

Meeting at which participants actively exchange opinions

To Top

Inspection of implementation status of compliance measures

The Legal Affairs Division periodically communicates with the Corporate Audit Division in order to confirm the state of implementation with respect to the various compliance measures. Based on the actual state of implementation, steps are taken to enhance the effectiveness of management audits and the audit results are reflected in compliance measures.

Every year Toshiba conducts an intranet-based employee survey. The results are used in formulating measures for enhancing awareness on compliance.

Response to Compliance Violations

In the event of a major noncompliance incident, Toshiba investigates all facts to identify the cause of the violation, treats the facts seriously, and handles such violations rigorously by imposing appropriate disciplinary sanctions on the offenders or implementing other such measures. It makes every effort to prevent recurrence and discloses information in a proper and timely manner as necessary.

Developing Measures to Continue Breaking Relationships with Anti-social Groups

In 1997, the Board of Directors resolved to end relations with anti-social forces such as sokaiya (groups of racketeers). Since then, the Group has strictly dealt with approaches from third parties to obstruct our lawful and appropriate corporate activities.

In addition, in order to further ensure that all relations with anti-social forces are cut off, all Toshiba Group companies have taken various measures.

More specifically, we have developed and implemented Basic Public Relations Management Rules and appointed public relations management officers for each department. When conducting transactions with a new customer, the public relations management officers of that department confirm that the customer has no relations with anti-social groups. If a need arises during a background check to further investigate the customer, the Legal Affairs Division verifies whether there is any information on the customer's relationship with anti-social groups. We also periodically conduct surveys on customers that we already have business relations with. Transaction contracts normally include a clause regarding the exclusion of organized crime syndicates, which enables a contract to be cancelled without notice when the business partner is identified as an anti-social group.

Toshiba Group also works with the police, corporate attorneys, and third-party organizations such as the National Center for the Elimination of Boryokudan to establish systems that enable us to respond to approaches from anti-social forces in an appropriate and timely manner.

With regard to this stance, the rejection of the involvement of antisocial groups in our business activities has been explicitly stated in the SOC since 2006. Having been revised since then, "Antisocial Groups" is now an independent article, further stressing our policy to reject all contact with such groups.

By providing e-learning lessons about the SOC to all employees, we continuously ensure that employees understand the importance of excluding anti-social groups from the business they do. In FY2016, we collaborated with Toshiba Hokuriku and Kyushu branch offices to hold seminars for sales and service departments, focusing on the current state of anti-social groups and how to respond to unjustifiable demands.

To Top

Compliance with the Antimonopoly Act and Anti-Corruption

Toshiba Group is a member of the UN Global Compact, and as such, it will enforce compliance with the Antimonopoly Act and strengthen anti-corruption measures globally, in keeping with the revision to the Toshiba Group Standards of Conduct.

Antimonopoly and Anti-bribery Efforts

In light of global regulatory trends, Toshiba has been making rigorous efforts to prevent cartelization and bribery. In FY2016 the Company continued to step up its initiatives to ensure thorough compliance.

Specifically, the initiatives involve Toshiba Group companies worldwide performing self-audits based on two Toshiba- developed guidelines: one on antitrust and the other on anti-bribery. Through these audits, Toshiba Group aims to identify compliance levels at the companies concerned and to provide thorough compliance education.

Furthermore, we have placed managers of legal affairs in major global regions since FY2013 to enhance compliance and support subsidiaries in such regions. This has been done in order to appropriately control legal risks associated with relevant anti-trust laws, bribery, and the like and ensure thorough compliance in global business, which has been expanding mainly in emerging countries.

Toshiba promotes rigorous compliance with business-related laws and regulations by providing education, effectively utilizing databases that contain relevant information, and performing periodic self-audits.

In addition, Toshiba's compliance initiatives are objectively evaluated by outside lawyers once a year. We make improvements to reduce risks pointed out by third parties in order to continue to enhance our compliance structure.

Furthermore, Toshiba is advancing its promotion of compliance awareness, on the axis of the Toshiba Group Standards of Conduct. In Japan, employees received e-learning training on sales-related risks in February 2017 for employees, in order to raise the standard of sales-related legal risk management. Overseas, we held legal seminars for those in charge of compliance at local subsidiaries, working together with our regional headquarters and regional legal affairs managers. Attendees discussed measures to enhance compliance in keeping with the Toshiba Group Standards of Conduct, and fortified the foundations for strengthening the risk management network among Headquarters and all regions.

Toshiba Group Standards of Conduct 6. Competition Law and Government Transactions

Toshiba Group Standards of Conduct 7. Bribery

Political Contributions

The Toshiba Group Standards of Conduct stipulates that Toshiba Group shall not provide inappropriate benefits or favors to any politician or political organization.

Also, as part of its social contributions, Toshiba Corporation offers political contributions, when necessary, in order to contribute to the realization of policy-oriented politics, to support the healthy development of parliamentary democracy and to improve the transparency of political contributions.

In the case of offering political contribution, procedures in accordance with internal rules are followed as well as compliance with the Political Funds Control Law in case of Japan is strictly ensured.

Toshiba Group Standards of Conduct 7. Bribery

Donations and Provision of Funds

While the Toshiba Group Standards of Conduct forbid inappropriate expenses, they stipulate that appropriate donations to organizations may be made. We therefore donate to various organizations, taking into consideration factors such as the contribution made by the donee organization to society, its cause and community aspects, as specified by the Standards of Conduct.

Toshiba Group Standards of Conduct 19. Community Relations

To Top

Fair Trading

Fair Trading Policy and Its Promoting Structure

Toshiba strives to build sound partnerships with suppliers through fair trading in compliance with procurement-related laws and regulations.

CSR Management in the Supply Chain

Toshiba Group Procurement Policy

Toshiba Group Standards of Conduct 3. Procurement

The Toshiba Group is promoting thorough observance of CSR both in its own procurement activities, and in those of its suppliers.

There is a CSR procurement promotion structure established within the Group, which acts in order to carry out each procurement transaction in compliance with the relevant Japanese and international laws and regulations.

Information related to compliance concerning procurement is thoroughly informed to Group-wide companies through this system.

Moreover, measures are thoroughly informed by means of Procurement Compliance Liaison Meetings, organized by the Procurement Control & Compliance Group and attended by Compliance Managers and Compliance Coordinators.

Toshiba Group CSR procurement promotion structure

Toshiba Group CSR procurement promotion structure

In FY2015, Toshiba revised its regulations on managing procurement processes, in order to strengthen internal control regarding accounting compliance. The revised content has been circulated around the whole company and the Group companies, based on the structure for the promotion of CSR-based procurement. Group companies' regulations have also been revised accordingly.

In FY2016, we verified whether the regulations were properly implemented.

"Clean Partner Line", Whistleblower System for Suppliers and Business Partners

In order to ensure compliance and fair transactions, Toshiba has established a whistleblower system for suppliers and business partners called Clean Partner Line, as a point of contact for our suppliers to tell us about issues and concerns regarding persons associated with the Toshiba Group.

Personal information on whistleblowers, without the whistleblower's consent, is not disclosed to anyone other than the Clean Partner Line staff. Also, what is reported by whistleblowers is handled based on strict procedures, with care taken not to treat whistleblowers and their companies unfavorably for whistleblowing.

We notify our business partners of this system and request that they make use of it.

Checks and Audits of Fair Trading Practices (Thorough Compliance with the Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors)

In Japan, we continued with audits against the Act for the applicable Group companies with regard to subcontracted transactions. Regarding items requiring improvement as identified by the audits, follow-up is conducted in accordance with improvement plans to ensure thorough compliance.

Training to Ensure Fair Trading Practices

At Toshiba Group, various training programs on compliance in procurement are provided to ensure fair trading practices. For example, in FY2007, we conducted e-learning for employees of Group companies in Japan on relevant acts, such as the Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors.

In FY2016, a total of 60,071 employees were participated the e-learning program on the Subcontract Act.

We also provide compliance education for employees engaged in procurement at various phases of their careers.

Furthermore, we foster promoter specialized in the Act to ensure fair transactions with subcontractors.

To Top

Export Control

Export Control Policy

As indicated in Toshiba Group Standards of Conduct, Toshiba Group's basic export policy is not engaging in any transaction that could potentially undermine international peace and security. The Group also maintains to comply with all applicable export control laws and regulations of the countries and regions where we operate, including the Foreign Exchange and Foreign Trade Law in the case of Japan and US export control laws and regulations with respect to transactions involving items of US origin.

In accordance with this policy, Toshiba Group has established the Export Control Compliance Program (ECCP). Based on this program, the necessity of export licenses for goods and technology is determined and transactions are strictly screened. In addition to periodic export control audits and education for all executives and employees, in-house companies and corporate staff divisions provide instructions and support to the group companies they supervise.

Toshiba Export Control Compliance Program

The program stipulates the following provisions to ensure compliance with Japan's Foreign Exchange and Foreign Trade Control Law and U.S. export control laws.

  • Chapter 1 Statement of Corporate Policy
  • Chapter 2 Definition of Terms
  • Chapter 3 Export Control Organizations
  • Chapter 4 Control Procedures
  • Chapter 5 Education
  • Chapter 6 Compliance Reviews
  • Chapter 7 Notification of Violation and Corporate Sanctions
  • Chapter 8 Group Companies

Toshiba Group Standards of Conduct 9. Export Control

Export Control System

Toshiba's export control system is organized under the Chief Export Control Officer who has ultimate responsibility for the corporation's export control. The Chief Export Control Officer must be a representative director or an executive officer corresponding thereto. Under the Chief Export Control Officer, the Export Control Office, Legal Affairs Division Export Control Office is responsible for overseeing the export control implemented pursuant to the Toshiba Export Control Compliance Program (ECCP). Each Toshiba in-house company and corporate staff division has its own export control infrastructure led by the Export Control Officer who is in charge of the division. The Export Control Officer must be the president or executive vice president of the in-house company or the general manager of the corporate staff division. Toshiba Group companies have also established equivalent export control systems.

Toshiba Group Export Control System

Toshiba Group Export Control System

Product Classification and Transaction Review

The technical department first classifies and evaluates whether the goods or technology to be exported requires export permission from the Minister of Economy, Trade and Industry. Then, trade assessments are carried out accordingly, such as a confirmation of the purpose of use, and an assessment of the customers. Each process is checked and approved by multiple persons in charge. When trading with countries and regions where reasons for concern exist, the Export Control Office conducts stringent assessments and approvals.

Inspection and Audit of Export Control

Each company and corporate staff division, as well as each group company, perform internal self-checks. In addition to this, the Export Control Office or the department in charge conducts regular audits, checks compliance with laws and regulations, and performs appropriate export control. Where problems are identified by the audit, we demand that improvement plans be submitted, and check the progress of the plans.

Export Control Trainings

Training courses on export controls (regular and specialized courses) are offered by the Export Control Office for in-house companies, corporate divisions, and Group companies to educate employees on the importance of export control and to raise awareness and knowledge of the Toshiba Export Control Compliance Program (ECCP) and related internal regulations.

Furthermore, the Export Control Office provides compulsory export control education for all employees through an e-learning system every year.

Export controls at group companies including those located overseas are modeled after that of Toshiba, which is implemented under the Toshiba Export Control Compliance Program (ECCP). Export control audits are conducted periodically to evaluate their performances.

The Export Control Office convenes a monthly meeting with the in-house companies and group companies. Besides providing information on relevant international situations and regulatory trends, or advices on specific issues, this meeting also provides a forum for exchanging related information and opinions. In-house companies provide guidance on export controls and related support to group companies they supervise.

Furthermore, in order to fortify our support for overseas Group companies, we held an export control workshop targeted at local staff working in export control.

To Top

Information Security Management

Policy on Information Security

Toshiba Group regards all information, such as personal data, customer information, management information, technical and production information handled during the course of business activities, as its important assets and adopts a policy to manage all corporate information as confidential information and to ensure that the information is not inappropriately disclosed, leaked or used. In view of this, Toshiba has a fundamental policy "to manage and protect such information assets properly, with top priority on compliance." The policy is stipulated in the chapter "Corporate Information and Company Assets" of the Toshiba Group Standards of Conduct, and managerial and employee awareness on the same is encouraged.

In response to regulatory changes and changes in the social environment, Toshiba revises the related rules on an ongoing basis so as to rigorously manage its information security.

Toshiba Group Standards of Conduct 17. Information Security

Privacy Policy

Structure of Information Security Management

Addressing information security as a management priority, Toshiba Group has established, under the supervision of the Chief Information Security Officer, an information security management structure in which the head of each organization, such as president of each in-house company, head of corporate staff division as well as president of each group company are responsible for information security.

The Risk Compliance Committee deliberates matters that are necessary to ensure information security throughout the company. The Chief Information Security Officer formulates and enacts measures in order to make sure that internal rules related to information security are enforced in a problem-free, effective and definitive manner.

At the in-house companies, the company presidents serve as Information Security Management Executive, bearing full responsibility for information security at their respective companies. The Information Security Management Executive appoints Information Security Implementation Managers who are responsible for operation of the information security management system.

The Information Security Management Executives provide guidance and assistance to the group companies under their control to ensure that they implement information security of a level equivalent to that of Toshiba.

Toshiba has also established a similar management structure for the protection of personal data, and has a department other than the Secretariat (the Internal Audit Division) conduct audits in accordance with JIS Q 15001.

Toshiba Group Information Security Management Structure

Toshiba Group Information Security Management Structure

Information Security Measures

Toshiba Group implements information security measures from four perspectives (see the table below). The Strategic Planning Division incorporates these measures into regulations and guidelines and makes them fully known to all Toshiba Group companies through notices and briefings.

Implementation of Information Security Measures from Four Perspectives
Category Description
(1) Organizational measures:
Establish an organizational structure and rules
  • Periodic reviews of information security-related regulations
  • Development and maintenance of structure
  • Implementation of audits, etc.
(2) Personal and legal measures:
Ensure adherence to rules
  • Regulation of information protection duties and disciplinary measures for breach of duties in rules of employment
  • Provision of periodic employee education and training
  • Contractor information security evaluation and conclusion of confidentiality agreements, etc.
(3) Physical measures:
Support implementation of rules in terms of physical security
  • Carry-in/carry-out control of information devices
  • Facility access control, room / facility entry control
  • Locking of highly important information , etc.
(4) Technical measures:
Support implementation of rules in terms of technology
  • Virus protection and hard disk encryption of personal computers
  • Checking the vulnerabilities of servers accessible to the public enhancing their protection
  • Monitoring and controlling unauthorized access from the outside and information leakage, etc.

To protect against cyber-attacks, which are becoming more sophisticated with every passing year, we have enhanced the functions to block suspicious e-mails and trained all employees in handling targeted attack e-mails. In addition, we enhanced the monitoring for our network and in-house systems to quickly cope with a virus invasion into the company systems.

Education, Inspection and Audit of Information Security Management

Toshiba, with its wide portfolio of businesses, considers the autonomous implementation of PDCA (Plan-Do-Check-Act) cycle by each business or division to be vital for ensuring information security of the company. With this in view, every divisions conduct an annual self-audits in terms of compliance with internal rules, for the purpose of formulating their own improvement plan. The Strategic Planning Division evaluates the results of these self-audits and the related improvement activities, provides guidance and assistance where necessary. All domestic and overseas Group companies also conduct self-audits annually, in order to improve the level of information security at each company.

Moreover, Toshiba Group conducts yearly training for all officers, as well as permanent and temporary employees, in order to enforce strict compliance with in-house regulations. There are also programs such as training for those working in information security, and introductory training for new graduate employees.

Response to Incidents Such as Leakage of Confidential Information

In the event an information security incident such as the leakage of confidential information occurs, Toshiba responds promptly in accordance with the information security incident reporting structure.

When an employee becomes aware of the occurrence or potential occurrence of an incident involving the leakage of corporate information, the employee promptly reports to the Implementation Manager. The Implementation Manager, upon receipt of such report, devises necessary measures, such as an investigation into the cause and consideration of actions to prevent recurrence. In the case of the occurrence or potential occurrence of a serious leakage of confidential information that may entail a violation of laws or ordinances, Toshiba implements measures in accordance with the applicable laws or ordinances, such as disclosure, following discussion among the related corporate staff divisions.

Information Security Incident Reporting Structure

Information Security Incident Reporting Structure

Status of Incidents Such As Leakage of Confidential Information

In FY2016, there were no incidents in which important information kept by Toshiba Group companies was leaked. Nor were there any complaints from relevant external individuals or regulatory bodies concerning personal data. We will continue to prevent incidents concerning information security, and are fully prepared for any situation.

To Top

Product Safety Information and Advertising

Policy on Product Safety Information and Advertising

Toshiba Group provides accurate product information and executes appropriate advertising in accordance with the Toshiba Group Standards of Conduct, the Code of Fair Competition for Home Appliances*1 and other policies.

Quality assurance organizations of in-house companies and affiliated companies monitor the safety standards of the countries where products are marketed and technical standards such as the UL Standards*2 and CE Marking*3 to ensure that their product labeling is in compliance with the relevant standards.

Toshiba Group Standards of Conduct 2. Customer Satisfaction

Toshiba Group Standards of Conduct 15. Advertising

  • *1 The code specifies prohibition of misleading representations, matters requiring representation, standards for representation of certain matters, etc. The objective is to contribute to consumers' 'well-informed selection of products, prevent inducement of customers by means of unjustifiable premiums and misleading representations, and ensure fair competition.
  • *2 UL Standards: Safety standards issued by Underwriters Laboratories Inc., a U.S. not-for-profit product-safety testing and certification organization. UL has developed standards for materials, products and facilities.
  • *3 CE Marking: This mark indicates that the product bearing it is in compliance with safety standards of the European Union (EU). CE Marking is mandatory for certain types of products sold in the EU.

Compliance with Regulations and In-House Standards Regarding Products

In FY2016, there were no cases in which regulations and in-house standards regarding safety and health were violated in product or service life cycles.

With regard to regulations and in-house standards regarding product/service information and labeling, we discovered a labeling error after products were shipped and implemented the appropriate measures under the guidance of authorities.

Labeling error incident

Error in the identification number of the USB Type-C™ adapter for the dynabook V/VC/VZ series (Toshiba Client Solutions Co., Ltd.) 17th Mar 2017 (Japanese)

Free-of-charge replacement of SeeQVault™-compatible microSDHC memory cards / microSD card reader MSV-RW32GA 17th Jun 2017 (Japanese)

Compliance with Regulations on Advertising and Labeling

In FY2016, as a result of our strict implementation of the Manufacturing Labeling Standards*, there were no violations of the Act Against Unjustifiable Premiums and Misleading Representations among Toshiba Group companies.

To Top

Risk Management with Business Continuity Plan (BCP)

Failure to respond appropriately to large-scale disasters such as earthquakes, typhoons, and floods could result in the long-term closure of operations, triggering significant financial losses, ultimately affecting our stakeholders.

Toshiba implements measures to ensure the safety of employees and their families, support recovery of devastated areas, and maintain business sites and factories.

The BCP, which we have been formulating and developing Group-wide as of FY2007, is one such measure. Focusing on our key businesses that have a large social and economic impact, we are establishing a BCP that takes into account the possibility of large-scale earthquakes and new strains of influenza, and continually update it in order to maintain and improve its effectiveness.

Toshiba Group will continue to strengthen its BCP, so that it can continue its business even in the case of a large-scale disaster, and puts the safety of all its employees above other concerns.

BCP Procurement Management

In response to the Great East Japan Earthquake and the floods in Thailand, both of which occurred in 2011, Toshiba group is promoting to establish a more disaster-resistant procurement system.

Based on Toshiba Group's Procurement Policy, we request our suppliers to cooperate in continuing to provide supplies in the event of an unanticipated disaster.

In 2012, we established the BCP Procurement Guidelines to provide crisis management standards.

Also, to minimize the risk of supply chain disruptions and to reduce the amount of time required to resolve supply chain disruptions, we have built a system to manage corporate information on upstream suppliers in the supply chain. In the event of an unanticipated disaster, we use this system to quickly investigate its effects on our supplies worldwide so that action can be taken promptly.

To Top

Tax Affairs

Based on a basic tax policy, the Toshiba Group complies with legal ordinances, notices and regulations in various countries and makes efforts to properly file tax returns and pay taxes.

Basic Policy Regarding Taxes

The Toshiba Group follows the following policy to properly file tax returns and pay taxes:

  1. Legal compliance
    Placing the highest priority on life, safety, and compliance in its Group Standards of Conduct, the Toshiba Group understands the reasoning behind and complies with the legal regulations of various countries, files tax returns and pays taxes in accordance with guidelines published by OECD and other international organizations.
  2. Paying an appropriate amount of tax
    The Toshiba Group makes an effort to achieve appropriate profit and sustained growth in its Group Management Vision. While ensuring compliance to legal regulations, the Group strives to pay an appropriate amount of tax by understanding the reasoning behind and using legally approved systems, such as consolidated tax payments.

To Top