Systems for Disasters and Other Emergency Situations
The Advantest Group has established the Risk Management Group, and will conduct measures to minimize damage, should any of the following events occur:
If damage is caused to buildings or facilities, or if networks and systems stop functioning, thereby making it difficult to continue our business operations, or if there is the possibility of this type of situation occurring due to a disaster or accident;
If our executives or employees are in danger or possibility of danger of death or bodily injury due to a disaster or accident;
If there is a scandal or incident that may to become a matter of public concern; or,
In addition to those described above, if there is any event, which may cause a significant impact on the business of the Advantest Group due to a disaster or accident.
In December 2001, Advantest established a Risk Management Group with the Company's president as its leader. If any of the above events occur, the Risk Management Group will consolidate information flows, evaluate the problem, direct the initial response, formulate recovery plans, and handle the operation until complete recovery.
Business Continuity Plan
The Advantest Group established the following basic policy in fiscal 2007 for large-scale natural disasters. We have devised our business continuity plan based on this policy.
Business Continuity Plan (BCP) – Basic Policy
We will place top priority on ensuring human safety should a major disaster strike.
We will minimize the adverse effect to our suppliers and other stakeholders , and fulfill our corporate responsibility.
We will cooperate with local society in regular disaster prevention activities, and will assist the recovery of local society in case of disaster.
After the Great East Japan Earthquake in March 2011, we reviewed our disaster prevention arrangements. In fiscal 2012, we rebuild our Business Continuity Plan (BCP) to take into account the possibility of an earthquake in Tokyo and flood along the Tone River, and to ensure the integrity of our supply system even in the event of such disasters. Under the BCP, the following measures are stipulated in line with the basic policy.
Basic Policy
Specific Measures
1. Ensuring human safety
In addition to the regular disaster prevention and safety confirmation drills, we will strengthen crisis management and business continuity systems, making human safety the top priority.
2. Fulfillment of supply responsibilities
In case of an earthquake, we will continue to supply systems fromour main manufacturing plant (i.e. the Gunma Factory) . In the case of a flood, we will continue to supply systems from alternative 3rd party manufacturing sites.
In preparation for cases where workplace attendance is temporarily impractical because of damage to offices or infrastructure, we will establish remote work environment.
3. Contributions to local society
Our Gunma R&D Center has been designated by Meiwa Town as an evacuation shelter in case of flooding, and we contribute to the area by keeping the site ready for flood evacuees.
Measures Implemented in Fiscal 2019
In fiscal 2019, management reviewed the role, policies, and state of activities of the Risk Management Group in April. Based on these reviews, the BCP was reviewed and shared with each function of the Risk Management Group. Furthermore, Country Risk Management Managers in overseas Group companies were invited to Japan, and shared the BCP plan of each country.
Disaster Responses
June 2019 Niigata Prefecture Kaetsu Earthquake: Safety confirmation was performed for all domestic companies.
September 2019 Typhoon Faxai: Safety confirmation was performed for all domestic companies.
October 2019 Typhoon Hagibis: Safety confirmation was performed for all domestic companies. Gunma R&D Center (a designated evacuation shelter for flooding) accepted250 evacuees from neighboring areas.
February 2020 Initiatives such as handling fever and other symptoms, limiting business travels, and promoting work from home (telecommunications) to prevent the spread of the new coronavirus were implemented.
Approach to Materiality in Customer Privacy
Information that we receive from our customers and business partners is information that should be socially protected and it is also thus information asset for the company. We recognize that the proper protection and management of this information is vital.
Supervising division
Security departments
KPI
Number of complaints related to information security
FY2019 target
0
Results achieved in fiscal 2019
0
Boundary
Advantest Group
Relevant policies
Basic Information Security Policy and Privacy Policy
Advantest is fully aware that the information we receive from suppliers and information pertaining to our technical and sales operations are important assets. In order to effectively manage this information, we pursue information security practices that include developing regulations, constructing control systems, and providing employee training by the Information Security Committee.
Policies and Rules Related to Information Security
Advantest has established an Information Security Basic Policy. Rules are specified in five policies: our Privacy Policy, Confidential Information Management Policy, Education & Incident Management Policy, IT Security Policy, and Social Media Policy. Each policy will be reviewed by the Information Security Committee as necessary.
Organization of the Information Security Management System
Advantest regards the implementation of information security control as a key management issue, and has accordingly assigned Senior Executive Officers to act as Information Security Officers who are responsible for such systems on a global basis.
Moreover, we have set up a system that enables our offices in each country to autonomously address information security issues. Under this system, the Regional Information Security Officer posted in each country brings a variety of viewpoints to the table in the course of deliberating on potential information security measures to be applied on a group-wide basis, and also when considering which policies and rules should be adopted, or otherwise revised or abolished.
Specifically, the head of each Group company's administration division has been assigned to the position of Regional Information Security Officer, who is responsible for the security management in their respective regions. Meanwhile, members from related divisions in respective countries have been tasked with implementing information security measures.
Information Security Training
Based on the view that the final barrier for information security is "people," we aim to thoroughly publicize information security policies and related regulations. We administer information security training on each policy (Privacy Policy, Confidential Information Management Policy, Education & Incident Management Policy, and IT Security Policy), as well as training simulating an actual cyber-attack case, to all employees in Japan and overseas.
Going forward, we intend to continue developing more practical content and offering more pragmatic training through learning activities that entail repeated exposure to information security rules and content covering key topics in that regard.
Training/Awareness Raising as Part of the Information Security Training
Information Security Training through e-learning for all employees: 1
Targeted email threat training: 1
Awareness raising for all employees: 1
Broadcast of information to raise awareness: 9
Initiatives for Strengthening Information Security
In fiscal 2011, we adopted a system whereby internal audit divisions perform information security audits. This enables us to conduct more objective rule-based checks and provide feedback to divisions that have been audited.
From this fiscal year, Advantest has configured multi-factor authentication for all employees to prevent identify theft and to enhance security measures.
We also undergo security assessments and vulnerability tests via an external agency as an objective evaluation of our information security measures. We then refine the points to improve security based on those results to strengthen our level of security.
Confidential Information Protection
Our Information Security Basic Policy defines confidential information as information that has been disclosed by clients under contract along with information that is important to the company. Moreover, the policy stipulates that such information must be handled in accordance with relevant regulations.
Accordingly, we are committed to ensuring that confidential information is not divulged outside the company by ensuring that it is protected through the use of adequate controls governing its storage, disclosure and handling. In fiscal 2019, there were no incidents involving the unauthorized disclosure of important confidential information, etc.
Personal Information Protection
We consider the confidentiality of all personal information entrusted to us to be very important, and accordingly we take steps to ensure that such information is properly protected and managed. In fiscal 2019, there were no incidents involving the unauthorized disclosure of important personal information, etc.
Our commitment to safeguarding personal information entails posting personal information managers in divisions that handle such duties, and ensuring that those managers carry out their duties properly with regard to overseeing such information. Furthermore, we perform regular audits of personal information management and usage practices in each division, and make improvements whenever deficiencies are discovered.
In Group companies outside of Japan, Regional Information Security Officers work to protect and manage personal information in accordance with the laws, regulations, and demands of each respective country or region.
