Global

Home > About TOSHIBA > CSR > ESG Performance > Governance > Risk Management and Compliance

CSR - Corporate Social Responsibility
Committed to People, Committed to the Future.

Risk Management and Compliance

In order to respond appropriately to changes in laws and regulations in every country of the world, the globalization of management and the diversification of business, Toshiba Group is enforcing global compliance with laws and regulations, internal rules, and social and ethical norms.

Medium- to Long-term Vision

  • We aim to regain the trust from all of our stakeholders by striving to improve and strengthen our internal control system through more stringent compliance and a more robust risk management system.

FY 2017 Achievement

  • We held three awareness-raising training sessions for officers and top management to improve the awareness of top management and employees, with a total of 761 executives taking part. We also continued to conduct general compliance training that included accounting compliance.

Future Challenges and Approaches

We will continue striving to implement a more effective compliance system and policy based on an awareness of risk in order to strengthen risk management and compliance for Toshiba Group as a whole following the spin-off of the in-house companies conducted in July 2017 and beyond.

To Top

Policy on Risk Management and Compliance

Toshiba’s shares were designated as securities on alert and stock under supervision on September 15, 2015. As a result of the examinations by the Tokyo Stock Exchange and Nagoya Stock Exchange into the status of improvements made to the internal control system thereafter, the aforementioned designation was lifted on October 12, 2017. Toshiba then released its "Report on Improvements of Internal Management System" on October 20, 2017, and as reported in the "Progress Report on Improvements of Internal Management System" on July 25, 2018, Toshiba is making its best efforts to regain the trust of shareholders, investors and all other stakeholders. This will be achieved through continued efforts to improve and strengthen internal control system, including compliance related to the areas that led to the designation of Toshiba’s shares as securities on alert and as securities under supervision.

At Toshiba, throughout our worldwide operations, we commit to thorough adherence to the Standards of Conduct for Toshiba Group (SOC), which embody the Essence of Toshiba in order to ensure compliance with laws and regulations, social and ethical norms, and internal rules. Giving top priority to human life, safety and compliance underpins our commitment to promoting business activities through fair competition. Thus we are working toward making the SOC an integral part of the entire Toshiba Group.

Furthermore, in order to respond to changes in the business environment, such as new technologies and growing supply chains in developing countries, and to the diverse and ever-changing risks that arise when conducting business activities, we are striving to prevent risks in advance, and to minimize losses from individual incidents.

To Top

Structure of Risk Management and Compliance

At Toshiba, we appoint a Chief Risk Compliance Management Officer (CRO) to oversee risk management and compliance for the whole Group. In addition, the Legal Affairs Division responds to whistleblower reports and attempts to achieve global compliance, and is advancing effective risk management and compliance activities.

There is also a Risk Compliance Committee chaired by the CRO and attended by the executive officers of corporate staff divisions. The Committee analyzes whistleblower reports and cases both inside and outside the Company, and identifies vulnerabilities in risk management and compliance based on risk tables that cover the entire management environment. It also reviews activities from the preceding fiscal year, and deliberates on priority measures and monitors activities from the immediate fiscal year.

Each key Group company is advancing its own priority measures for risk management and compliance, determined by a risk-based approach, in addition to the priority measures common to the whole company.

In the event of a serious risk management and compliance issue, there is a system in place by which the relevant in-house committees, etc. promptly evaluate and implement countermeasures. Furthermore, we carry out sensitivity analyses at management meetings, etc. of the correlation between key risks and management, taking into account business risks and risks in the market, as well as compliance risks and environment-related risks such as climate change, so that we can concentrate our investment strategically in order to achieve Toshiba's goal of growth through creativity and innovation.

In March 2016, Toshiba established a new Accounting Compliance Committee. Its purpose is to aggregate finance- and accounting-related information, and to identify signs that might point to inappropriate financial reporting, doing both in timely fashion, and to detect risks that threaten internal control at an early stage.

The President and COO is the head of the Accounting Compliance Committee, and the Audit Committee and the Internal Audit Division act as observers. Together they assess the risk of financial statements not being created or disclosed properly, and the risk that internal control is not functioning effectively to support the reliability of financial reports. Having done this, they supply information needed to prevent these risks, and discuss and decide on measures to deal with them.

Business risks and other risks are disclosed in the securities report P26 - P36 (Japanese)

Risk Management and Compliance Committee

Risk Management and Compliance Committee
  • *1 The Risk Compliance Committee manages matters related to the Standards of Conduct for Toshiba Group and matters related to risk management (including matters required for the prevention of significant crisis risk, compliance related to technology, production, and sales activities, and thorough implementation of information security).
  • *2 CPL is an abbreviation combining CL (contractual liability) and PL (product liability)
  • *3 The key Group company Technology & Production Compliance Committee can be integrated with other committees such as the company Risk Compliance Committee.

Whistleblower System

In order to create an open work environment, Toshiba is enhancing its whistleblower system, on top of preventing risks by stimulating day-to-day communication in each workplace.

In January 2000, Toshiba established a whistleblower system to collect internal information on SOC violations, particularly those concerning laws and regulations, and to deal with wrongdoing through a self-rectification system. Under this system, an employee can report an incident and seek advice. In addition to the internal office, a reception hotline was set up at an external attorney's office in January 2005, primarily to receive information about potential legal violations. In April 2006, Toshiba also set up a supplier whistleblower system to receive reports from suppliers and business partners to prevent SOC violations by employees in charge of procurement and order placements for construction and other works.

Furthermore, in October 2015, the new Audit Committee Hotline was set up, which allows people to report directly to the Audit Committee, which is composed of outside directors. With this new system, even matters in which the involvement of top management is suspected can be safely reported. The Audit Committee also has access rights to the Risk Hotline, and provides appropriate guidance and supervision.

All Toshiba Group companies have implemented a whistleblower system. The whole Group has been directed to ensure the anonymity of the whistleblower for his/her protection, and, if the whistleblower is an employee who was himself/herself involved in the relevant reported act, to take into account as much as possible the fact of his/her coming forward when deciding what internal disciplinary action should be taken. We are also working to enhance awareness of the whistleblower system by regularly issuing a compilation of whistleblower cases that have actually taken place.

Toshiba's Whistleblower System

Toshiba's Whistleblower System

Operational Status of the "Risk Hotline" in FY2017

The numbers of reports received and consultations undertaken by the "Risk Hotline" and "Audit Committee Hotline" in FY2017 are as follows.

We notified employees about the existence of the system and its assurance of strict anonymity through e-learning. We also reported on whistleblower cases to the whole company on a number of occasions.

Number of reports received by the "Risk Hotline" (within parentheses: anonymous reports)
FY2015 FY2016 FY2017
Reports received by internal secretariat 204 reports (121 reports) 389 reports (235 reports) 243 reports (147 reports)
Reports received by attorney's office 4 reports (1 report) 12 reports (7 report)* 10 reports (2 report)*
Total 208 reports (122 reports) 399 reports (240 reports) 253 reports (149 reports)
  • * Including duplicate reports received by the internal secretariat
Number of reports received by the "Audit Committee Hotline" (within parentheses: anonymous reports)
October 2015 to March 2016 FY2016 FY2017
Total 55 reports (41 reports) 80 reports (53 reports) 33 reports (17 reports)

Response Status

Of the reports received, those reporting inappropriate situations or concerns about inappropriate situations were reported to the relevant division so that instructions for improvement could be provided or alerts could be issued.

In cases involving consultations and questions about duties of the informants themselves, we gave advice on how to deal with the situation.

For reports other than the anonymous reports described above, we explained the status of our responses to the informants, in principle.

Except in cases in which consent has been obtained from employee, confidential adviser (at the internal secretariat or attorney's office) never disclose the names or contact addresses of the informants.

Out of the whistleblower reports, cases that everyone should bear in mind are taught as part of employee training. In order to protect whistleblower anonymity, such cases are presented without any names.

The number of reports received is released regularly on the company's internal website.

To Top

Risk Management and Compliance Training

Seminer for senior management
Seminar for senior management

At Toshiba, the President issued a message to all employees, expressing a firm commitment to implementing the corporate governance reform discussed by the Management Revitalization Committee. He also expressed that he would work to the best of his ability to revive Toshiba Group. In an effort to change the mindset of top management, we held sessions for officers and top management three times in FY2016 and in FY2017 respectively, with a total of 761 executives participating in the FY2017 sessions. We also held seminars by rank and function for employees to enhance the effectiveness of accounting compliance. Toshiba plans to continue these seminars.

In addition, following the previous fiscal year, we provide accounting compliance education through e-learning to deepen employees' understanding about the importance of financial reporting and cash flow management. In FY2017, all employees (approximately 100,000) of 145 consolidated subsidiary Group companies in Japan and approximately 1,900 executives of 112 overseas Group companies participated in the seminar.

Making the Standards of Conduct for Toshiba Group Available to All Employees

Toshiba Group has created in 24 languages and made them available on the internal website. Various compliance education programs that incorporate the SOC have been included in the level-based training, occupation-based training and senior management seminars. We are also continuing our education programs, such as e-learning and educational leaflets, for all employees.

Fostering a Compliance-oriented Culture through Workplace Meetings

Each workplace holds meetings focusing on CSR to raise the awareness of each and every employee with regard to compliance matters so as to make compliance an integral part of the corporate culture.

These meetings aim to prevent compliance violations by encouraging managers and employees to discuss various problems that are likely to arise in the workplace and to share their thoughts with each other in order to create a work environment where they can easily seek advice on all kinds of problems.

The theme in FY2017 was "Communication in the Workplace." Each workplace shared difficulties in communication as well as its importance by way of discussion concerning case examples with reference to the details of internal reports. Approximately 82,000 employees at around 7,400 workplaces of Group companies in Japan participated in discussions.

In addition, by soliciting the frank opinions of employees via their workplace managers, and sharing analysis results and key opinions within the company, we monitor the level of compliance awareness at each workplace and develop new measures for the future.

To Top

Inspection of implementation status of risk management and compliance measures

The Legal Affairs Division confirms the state of implementation for the various compliance measures based on each operational division's self-check and audits by the Corporate Audit Division. The checks and audits are reflected in compliance measures.

Every year Toshiba conducts an intranet-based employee survey. The results are used in formulating measures for enhancing awareness on compliance.

Response to Compliance Violations

In the event of a major noncompliance incident, Toshiba investigates all facts to identify the cause of the violation, treats the facts seriously, and handles such violations rigorously by imposing appropriate disciplinary sanctions on the offenders or implementing other such measures. It makes every effort to prevent recurrence and discloses information in a proper and timely manner as necessary.

Developing Measures to Continue Breaking Relationships with Antisocial Groups

In 1997, the Board of Directors resolved to end relations with antisocial forces such as sokaiya (groups of racketeers). Since then, the Group has strictly dealt with approaches from third parties to obstruct our lawful and appropriate corporate activities.

In addition, in order to further ensure that all relations with antisocial forces are cut off, all Toshiba Group companies have taken various measures.

More specifically, we have developed and implemented Basic Public Relations Management Rules and appointed public relations management officers for each department. When conducting transactions with a new customer, the public relations management officers of that department confirm that the customer has no relations with antisocial groups. If a need arises during a background check to further investigate the customer, the Legal Affairs Division verifies whether there is any information on the customer's relationship with antisocial groups. We also periodically conduct surveys on customers that we already have business relations with. Transaction contracts normally include a clause regarding the exclusion of organized crime syndicates, which enables a contract to be cancelled without notice when the business partner is identified as an antisocial group.

Toshiba Group also works with the police, corporate attorneys, and third-party organizations such as the National Center for the Elimination of Boryokudan to establish systems that enable us to respond to approaches from antisocial forces in an appropriate and timely manner.

With regard to this stance, the rejection of the involvement of antisocial groups in our business activities has been explicitly stated in the SOC since 2006. Having been revised since then, "antisocial Groups" is now an independent article, further stressing our policy to reject all contact with such groups.

By providing e-learning lessons about the SOC to all employees, we continuously ensure that employees understand the importance of excluding antisocial groups from the business they do.

To Top

Compliance with the Antimonopoly Act and Anti-Corruption

Toshiba Group is a member of the UN Global Compact, and as such, it will enforce compliance with the Antimonopoly Act and strengthen anti-corruption measures globally, in keeping with the revision to the Standards of Conduct for Toshiba Group.

Antimonopoly and Anti-bribery Efforts

In light of global regulatory trends, Toshiba has been making rigorous efforts to prevent cartelization and bribery. In FY2017 the Company continued to step up its initiatives to ensure thorough compliance.

Specifically, the initiatives involve Toshiba Group companies worldwide performing self-audits based on two Toshiba-developed guidelines: one on antitrust and the other on anti-bribery. Through these audits, Toshiba Group aims to identify compliance levels at the companies concerned and to provide thorough compliance education.

Furthermore, we have placed managers of legal affairs in major global regions to enhance compliance and support local subsidiaries in such regions. This has been done in order to appropriately control legal risks associated with relevant anti-trust laws, bribery, and the like and ensure thorough compliance in global business, which has been expanding mainly in emerging countries.

Toshiba promotes rigorous compliance with business-related laws and regulations by providing education, effectively utilizing databases that contain relevant information, and performing periodic self-audits.

In addition, Toshiba's compliance initiatives are objectively evaluated by outside lawyers once a year. We make improvements to reduce risks pointed out by third parties in order to continue to enhance our risk management and compliance structure.

Furthermore, Toshiba is advancing its promotion of compliance awareness, on the axis of the Standards of Conduct for Toshiba Group. In Japan, employees received e-learning training on sales-related risks in February 2018 for employees, in order to raise the standard of sales-related legal risk management. Overseas, we held legal seminars for those in charge of compliance at local subsidiaries, working together with our regional headquarters and regional legal affairs managers. Attendees discussed measures to enhance compliance in keeping with the Standards of Conduct for Toshiba Group, and fortified the foundations for strengthening the risk management network among Headquarters and all regions.

Standards of Conduct for Toshiba Group 6. Competition Law and Government Transactions

Standards of Conduct for Toshiba Group 7. Bribery

Political Contributions

The Standards of Conduct for Toshiba Group stipulates that Toshiba Group shall not provide inappropriate benefits or favors to any politician or political organization.

Also, as part of its social contributions, Toshiba offers political contributions, when necessary, in order to contribute to the realization of policy-oriented politics, to support the healthy development of parliamentary democracy and to improve the transparency of political contributions.

In the case of offering political contribution, procedures in accordance with internal rules are followed as well as compliance with the Political Funds Control Law in case of Japan is strictly ensured.

Standards of Conduct for Toshiba Group 7. Bribery

Donations and Provision of Funds

While the Standards of Conduct for Toshiba Group forbid inappropriate expenses, they stipulate that appropriate donations to organizations may be made. We therefore donate to various organizations, taking into consideration factors such as the contribution made by the donee organization to society, its cause and community aspects, as specified by the Standards of Conduct.

Standards of Conduct for Toshiba Group 19. Community Relations

To Top

Fair Trading

Fair Trading Policy and Its Promoting Structure

Toshiba strives to build sound partnerships with suppliers through fair trading in compliance with procurement-related laws and regulations.

CSR Management in the Supply Chain

Toshiba Group Procurement Policy

Standards of Conduct for Toshiba Group 3. Procurement

The Toshiba Group is promoting thorough observance of CSR both in its own procurement activities, and in those of its suppliers.

There is a CSR procurement promotion structure established within the Group, which acts in order to carry out each procurement transaction in compliance with the relevant Japanese and international laws and regulations.

Information related to compliance concerning procurement is thoroughly informed to Group companies through this system.

Moreover, measures are thoroughly informed by means of Procurement Compliance Liaison Meetings, organized by the Procurement Division and attended by Compliance Managers and Compliance Coordinators.

Toshiba Group CSR procurement promotion structure

Toshiba Group CSR procurement promotion structure

In FY2017, Toshiba notified each Group company of revisions to its regulations on legal compliance in operations and processes in order to strengthen strict and effective risk management, and conducted a comprehensive assessment of procurement transactions. In FY2018, we will continue to strengthen regulations on legal compliance in operations as well as checks of processes.

"Clean Partner Line," Whistleblower System for Suppliers and Business Partners

In order to ensure compliance and fair transactions, Toshiba has established a whistleblower system for suppliers and business partners called Clean Partner Line, as a point of contact for our suppliers to tell us about issues and concerns regarding persons associated with the Toshiba Group.

Personal information on whistleblowers, without the whistleblower's consent, is not disclosed to anyone other than the Clean Partner Line staff. Also, what is reported by whistleblowers is handled based on strict procedures, with care taken not to treat whistleblowers and their companies unfavorably for whistleblowing.

We notify our business partners of this system and request that they make use of it.

Checks and Audits of Fair Trading Practices (Thorough Compliance with the Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors)

In Japan, we continued with audits against the Act for the applicable Group companies with regard to subcontracted transactions. Regarding items requiring improvement as identified by the audits, follow-up is conducted in accordance with improvement plans to ensure thorough compliance.

Training to Ensure Fair Trading Practices

At Toshiba Group, various training programs on compliance in procurement are provided to ensure fair trading practices. For example, since FY2007, we have conducted e-learning for employees of Group companies in Japan on relevant acts, such as the Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors.

In FY2017, a total of 55,892 employees between February and March 2018 participated in the e-learning program on the Subcontract Act.

We also provide compliance education for employees engaged in procurement at various phases of their careers.

Furthermore, we foster promoters specialized in the Act to ensure fair transactions with subcontractors.

To Top

Export Control

Export Control Policy

As indicated in Standards of Conduct for Toshiba Group, Toshiba Group's basic export policy is to refrain from any transaction that could potentially undermine international peace and security. We comply with all applicable export control laws and regulations of the countries and regions where we operate, for example Foreign Exchange and Foreign Trade Law in the case of Japan and US export control laws and regulations with respect to transactions involving items of US origin.

In accordance with the policy, Toshiba Group has established the Export Control Compliance Program (ECCP). Based on the program, we classify the goods and technology and screen transactions. In addition to periodic export control audits and education for all executives and employees, key Group companies and corporate staff divisions provide instructions and support to the Group companies they supervise.

Toshiba Export Control Compliance Program

The program consists of the following provisions to ensure compliance with Japan's Foreign Exchange and Foreign Trade Control Law and U.S. export control laws.

  • Chapter 1 Statement of Corporate Policy
  • Chapter 2 Definition of Terms
  • Chapter 3 Export Control Organizations
  • Chapter 4 Control Procedures
  • Chapter 5 Education
  • Chapter 6 Compliance Reviews
  • Chapter 7 Notification of Violation and Corporate Sanctions
  • Chapter 8 Group Companies

Standards of Conduct for Toshiba Group 9. Export Control

Export Control System

Toshiba's export control system is organized under the Chief Export Control Officer who has ultimate responsibility for the corporation's export control. The Chief Export Control Officer must be a representative director or an executive officer corresponding thereto. Under the Chief Export Control Officer, the Legal Affairs Division Export Control Office is responsible for overseeing the export control implemented pursuant to the Toshiba Export Control Compliance Program (ECCP). Based on the Toshiba ECPP, Toshiba Group company and corporate staff division has its own export control organization led by the Export Control Officer. The Export Control Officer must be the general manager of the corporate staff division, or president of Group company.

Toshiba Group's export control organization

Product Classification and Transaction Review

The technical department classifies the goods or technology and determine whether export license is required. Then, transaction screening is carried out accordingly, such as confirmation of the end-use, end-user, and final destination. Classification and transaction screening are checked and approved by multiple persons in charge. When trading with concerned countries and regions, the Export Control Office conducts stringent assessments and approvals.

Inspection and Audit of Export Control

Corporate staff division, as well as each Group company, perform internal self-checks. In addition the Export Control Office or the Supervising department conducts regular audits to check if export control is appropriately performed. Where problems are identified by the audit. we demand that improvement plans be submitted, and check the progress of the plans.

Export Control Trainings

Training courses on export controls (regular and specialized courses) are offered by the Export Control Office for corporate staff divisions and Group companies to educate employees on the importance of export control and to raise awareness and knowledge of the Toshiba Export Control Compliance Program (ECCP) and related internal regulations.

Furthermore, the Export Control Office provides compulsory export control education for all employees of Group companies in Japan through an e-learning system every year.

Export controls at Group companies including those located overseas are modeled after that of Toshiba, which is implemented under the Toshiba Export Control Compliance Program (ECCP). Export control audits are conducted periodically to evaluate their performances.

The Export Control Office convenes a monthly meeting with Group companies. Besides providing information on relevant international situations and regulatory trends, or advices on specific issues, this meeting also provides a forum for exchanging related information and opinions. Key Group companies provide guidance on export controls and related support to Group companies they supervise.

Furthermore, in order to fortify our support for overseas Group companies, we held an export control workshop targeted at local staff working in export control.

To Top

Information Security Management

Policy on Information Security

Toshiba Group regards all information, such as personal data, customer information, management information, technical and production information handled during the course of business activities, as its important assets and adopts a policy to manage all corporate information as confidential information and to ensure that the information is not inappropriately disclosed, leaked or used. In view of this, Toshiba has a fundamental policy "to manage and protect such information assets properly, with top priority on compliance." The policy is stipulated in the chapter "Corporate Information and Company Assets" of the Standards of Conduct for Toshiba Group, and managerial and employee awareness on the same is encouraged.

In response to regulatory changes and changes in the social environment, Toshiba revises the related rules on an ongoing basis so as to rigorously manage its information security.

Standards of Conduct for Toshiba Group 17. Information Security

Privacy Policy

Structure of Information Security Management

Addressing information security as a management priority, Toshiba appointed the Chief Information Security Officer (CISO) and each corporate staff division and Toshiba Group company has established, under the supervision of the CISO, an information security management structure.

The Risk Compliance Committee deliberates matters that are necessary to ensure information security throughout Toshiba Group. The CISO formulates and enacts measures in order to make sure that internal rules related to information security are enforced in a problem-free, effective and definitive manner.

At each division inside Toshiba and key Group companies, the head of the organization serves as Information Security Management Executive, bearing responsibility for information security at their respective organization.

The Executives provide guidance and assistance to the Group companies under their control to ensure that they implement information security at a level equivalent to that of Toshiba.

Toshiba Group Information Security Management Structure

Toshiba Group Information Security Management Structure

Information Security Measures

Toshiba Group implements information security measures from four perspectives (see the table below). The Technology & Productivity Planning Division incorporates these measures into regulations and guidelines and makes them fully known to all Toshiba Group companies through notices and briefings.

Implementation of Information Security Measures from Four Perspectives
Category Description
(1) Organizational measures:
Establish an organizational structure and rules
  • Periodic reviews of information security-related regulations
  • Development and maintenance of structure
  • Implementation of audits, etc.
(2) Personal and legal measures:
Ensure adherence to rules
  • Regulation of information protection duties and disciplinary measures for breach of duties in rules of employment
  • Provision of periodic employee education and training
  • Contractor information security evaluation and conclusion of confidentiality agreements, etc.
(3) Physical measures:
Support implementation of rules in terms of physical security
  • Carry-in/carry-out control of information devices
  • Facility access control, room / facility entry control
  • Locking of highly important information, etc.
(4) Technical measures:
Support implementation of rules in terms of technology
  • Virus protection and hard disk encryption of information devices
  • Checking the vulnerabilities of servers accessible to the public enhancing their protection
  • Monitoring and controlling unauthorized access from the outside and information leakage, etc.

To protect against cyber-attacks, which are becoming more sophisticated with every passing year, we introduced a function to block suspicious e-mails, enhanced our anti-virus measures for information equipment such as IoT devices, and trained all employees in handling targeted attack e-mails. In addition, we enhanced the monitoring for our network and in-house systems to quickly cope with a virus invasion into the company systems.

Education, Inspection and Audit of Information Security Management

Toshiba, with its wide portfolio of businesses, considers the autonomous implementation of PDCA (Plan-Do-Check-Act) cycle by each business or division to be vital for ensuring information security of the company. With this in view, every divisions conduct an annual self-audits in terms of compliance with internal rules, for the purpose of formulating their own improvement plan. The Technology & Productivity Planning Division evaluates the results of these self-audits and the related improvement activities, provides guidance and assistance where necessary. All domestic and overseas Group companies also conduct self-audits annually, in order to improve the level of information security at each company.

Moreover, Toshiba Group conducts yearly training for all officers, as well as permanent and temporary employees, in order to enforce strict compliance with in-house regulations. There are also programs such as training for those working in information security, and introductory training for new graduate employees.

Response to Incidents Such as Leakage of Confidential Information

In the event an information security incident such as the leakage of confidential information occurs, Toshiba responds promptly in accordance with the information security incident reporting structure.

When an employee becomes aware of the occurrence or potential occurrence of an incident involving the leakage of corporate information, the employee promptly reports to the Implementation Manager. The Implementation Manager, upon receipt of such report, devises necessary measures, such as an investigation into the cause and consideration of actions to prevent recurrence. In the case of the occurrence or potential occurrence of a serious leakage of confidential information that may entail a violation of laws or ordinances, Toshiba implements measures in accordance with the applicable laws or ordinances, such as disclosure, following discussion among the related corporate staff divisions.

Information Security Incident Reporting Structure

Information Security Incident Reporting Structure

Status of Incidents Such As Leakage of Confidential Information

In February 2018, we confirmed the possibility that email data had been leaked following illegal access to the Toshiba Group server through an outsourcing agent for our information system. After identifying the issue, we immediately turned to a specialized organization to take remedial steps. We will continue to prevent incidents concerning information security, and are fully prepared for any situation. There were no complaints from relevant external individuals or regulatory bodies concerning personal data.

To Top

Product Safety Information and Advertising

Policy on Product Safety Information and Advertising

Toshiba Group provides accurate product information and executes appropriate advertising in accordance with the Standards of Conduct for Toshiba Group, the Code of Fair Competition for Home Appliances*1 and other policies.

Quality assurance organizations of Group companies and affiliated companies monitor the safety standards of the countries where products are marketed and technical standards such as the UL Standards*2 and CE Marking*3 to ensure that their product labeling is in compliance with the relevant standards.

Standards of Conduct for Toshiba Group 2. Customer Satisfaction

Standards of Conduct for Toshiba Group 15. Advertising

  • *1 This refers to the fair competition agreement on representation in the home electronics manufacturing industry. Under the provisions of the Act on Premiums Labeling, the Fair Trade Commission approved in 1978. The domestic electric industry management organization is the National Electric Home Appliance Fair Trade Council, a public interest corporation group. This regulation prescribes prohibition of misrepresentation, necessary representation items, representation standards for specific matters, etc. It aims to contribute to proper product selection, to prevent attraction of unjust customers, and to ensure fair competition.
  • *2 UL Standards: Safety standards issued by Underwriters Laboratories Inc., a U.S. not-for-profit product-safety testing and certification organization. UL has developed standards for materials, products and facilities.
  • *3 CE Marking: This mark indicates that the product bearing it is in compliance with safety standards of the European Union (EU). CE Marking is mandatory for certain types of products sold in the EU.

Compliance with Regulations and In-House Standards Regarding Products

In FY2017, there were cases in which regulations and in-house standards regarding safety and health were violated in product or service life cycles.

With regard to regulations and in-house standards regarding product/service information and labeling, in some cases we discovered a labeling error after products were shipped. In each case we implemented the appropriate measures under the guidance of authorities.

Examples of response to breaches relating to product safety

Deficiency in Description of Unintended Car Movement Protection (UCMP) for Elevators in Application to Minister of Land, Infrastructure and Transport (Apology and report) (Toshiba Elevator and Building Systems Corporation) December 26th, 2017 (Japanese)

Non-Compliance with Ministerial Certification for Unintended Car Movement Protection (UCMP) for Elevators (Apology and report) (Toshiba Elevator and Building Systems Corporation) August 25th, 2017 (Japanese)

Labeling error incident

Dynabook T85/C, T75/C, T55/C, T45/C Series of notebook PCs <Apology and Notice to customers> (Toshiba Client Solutions Co., Ltd.) June 29th, 2017 (Japanese)

Dynabook V, VC, VZ Series of notebook PCs<Apology and Notice to customers> (Toshiba Client Solutions Co., Ltd.) June 29th, 2017 (Japanese)

Compliance with Regulations on Advertising and Labeling

In FY2017, as a result of our strict implementation of the Manufacturing Labeling Standards, there were no violations of the Act Against Unjustifiable Premiums and Misleading Representations among Toshiba Group companies.

To Top

Risk Management with Business Continuity Plan (BCP)

Failure to respond appropriately to large-scale disasters such as earthquakes, typhoons, and floods could result in the long-term closure of operations, triggering significant financial losses, ultimately affecting our stakeholders.

Toshiba implements measures to ensure the safety of employees and their families, support recovery of devastated areas, and maintain business sites and factories.

The BCP, which we have been formulating and developing Group-wide as of FY2007, is one such measure. Focusing on our key businesses that have a large social and economic impact, we are establishing a BCP that takes into account the possibility of large-scale earthquakes and new strains of influenza, and continually update it in order to maintain and improve its effectiveness.

Toshiba Group will continue to strengthen its BCP, so that it can continue its business even in the case of a large-scale disaster, and puts the safety of all its employees above other concerns.

BCP Procurement Management

In response to the Great East Japan Earthquake and the floods in Thailand, both of which occurred in 2011, Toshiba Group is promoting to establish a more disaster-resistant procurement system.

Based on Toshiba Group's Procurement Policy, we request our suppliers to cooperate in continuing to provide supplies in the event of an unanticipated disaster.

In 2012, we established the BCP Procurement Guidelines to provide crisis management standards.

Also, to minimize the risk of supply chain disruptions and to reduce the amount of time required to resolve supply chain disruptions, we have built a system to manage corporate information on upstream suppliers in the supply chain. In the event of an unanticipated disaster, we use this system to quickly investigate its effects on our supplies worldwide so that action can be taken promptly.

To Top

Tax Affairs

Based on a basic tax policy, the Toshiba Group complies with legal ordinances, notices and regulations in various countries and makes efforts to properly file tax returns and pay taxes.

Basic Policy Regarding Taxes

The Toshiba Group follows the following policy to properly file tax returns and pay taxes:

  1. Legal compliance
    Placing the highest priority on life, safety, and compliance in the Standards of Conduct for Toshiba Group understands the reasoning behind and complies with the legal regulations of various countries, files tax returns and pays taxes in accordance with guidelines published by OECD and other international organizations.
  2. Paying an appropriate amount of tax
    While ensuring compliance to legal regulations, the Group strives to pay an appropriate amount of tax by understanding the reasoning behind and using legally approved systems, such as consolidated tax payments.

To Top