Toyota has been working to reinforce its risk management systems since the series of recall issues in 2010. In June 2010, Toyota established the Risk Management Committee (now the Corporate Governance Meeting) and appointed risk managers for the global group and each section as part of global measures to comprehensively prevent and mitigate the impact of risks that could arise in the course of business activities.
Toyota has appointed a global chief risk officer (CRO) to head global risk management and established a structure under the global CRO to monitor risk on a daily basis. This structure enables the Company to respond immediately in the event of an emergency
Toyota will ensure safety and security of our customers from cyberattack. From the viewpoints of governance and risk management, regarding it as our social responsibility to protect our customers’ personal information, Toyota is taking a range of measures to reinforce information security. In June 2016, Toyota and its consolidated subsidiaries established the Information Security Policy in order to clarify the basic policy and initiatives of information security and work cooperatively to address information security.
Under the Chief Information Security Officer, security officers are respectively assigned in the individual security fields to promote activities.
Details of activities in each security field and overall common challenges have been shared and discussed at the Information Security Promotion Meeting to improve information security throughout Toyota.
Toyota has established the All Toyota Security Guidelines (ATSG) covering Toyota, its subsidiaries and affiliates that seek to prevent in-house information leaks, cyber attacks, which have been on the rise recently, etc. and is trying to ensure complete information security.
To be prepared for incidents, including large-scale earthquakes, Toyota established the Business Continuity Plan (BCP) to facilitate the early recovery of business operations with limited resources. Toyota undertakes disaster recovery in accordance with the below Basic Guidelines with the goal of contributing to the enrichment of the lives of communities.
Toyota is continuing to enhance the effectiveness of its BCP by implementing a PDCA cycle, undertaking training and executing other measures. These activities are identified as the Business Continuity Management (BCM), which are delivered through coordination among employees and their families, Toyota Group companies and suppliers, and Toyota.
To improve the feasibility of actions that follow the Basic Guidelines and give priority to regional recovery following a disaster, and to help build disaster-resilient communities, Toyota has concluded comprehensive disaster support agreements with local governments (October 2013: Toyota City; February 2014: Miyoshi City; March 2015: Tahara City; August 2015: Susono City).
Since the Great East Japan Earthquake, with the aim of prompt initial action and early recovery, we have united with suppliers in each country and region to build a disaster-resilient supply chain by sharing supply chain information and setting up measures of preparedness.