Risk Management

Basic Stance

Through its global activities in the ICT industry, the Group continuously seeks to increase its corporate value, and to contribute to its customers, local communities and indeed all stakeholders.

Properly assessing and dealing with the risks that threaten the achievement of our objectives is assigned a high priority by management. The entire Group has built a risk management system in accordance with the Fujitsu Way, and is committed to its continuous implementation and improvement.

Business Risks

The Group identifies, analyzes and evaluates the risks that accompany business activities and works on measures to avoid or reduce them, and to deal with them quickly in the unlikely event that they materialize.

Risk Management Structure

We have established the Risk Management Committee as a body to perform risk management in accordance with the Fujitsu Way. This committee reports directly to the Management Council.

The Risk Management Committee appoints risk management executives in all business units and companies throughout the Group, and encourages cooperation among them both to guard against potential risks and to mitigate risks that are threatening, forming a risk management structure for the entire Group.

The Risk Management Framework

The Risk Management Committee is responsible for grasping the risk management situation in all Fujitsu business groups and Group companies, establishing the appropriate policies and processes, etc., and both implementing and continuously improving them.

In practical terms, it decides on risk management regulations and guidelines, applies them and regularly reviews and improves them.

Risk Management Processes

The Risk Management Committee, which maintains regular communications with risk management executives, identifies, analyzes and evaluates the risks of business activities, confirms the detailed measures intended to deal with major risks by averting, minimizing, transferring or retaining them. It also reports important risks to the Management Council.

The Risk Management Committee also prepares responses against the actual materialization of a risk despite the implementation of various preventive measures. If a critical risk such as a natural disaster, product breakdown or defect,a problem with a system or service, a compliance violation, an information security breach, or an environmental problem materializes, the department or group company reports immediately to the Risk Management Committee. The Risk Management Committee coordinates with the related divisions and workplaces for rapid resolution of the problem by appropriate measures such as establishing a task force. At the same time, the Risk Management Committee strives to identify the causes of the problem and propose and implement solutions. Additionally, for critical risks, the committee also reports as appropriate to the Management Council and the Board of Directors.

The Risk Management Committee continuously confirms the implementation status of these processes and works to make improvements.

Group-Wide Disaster Prevention

We have organized a Group-wide disaster prevention network for the event of a major disaster. To minimize harm to persons and property we perform frequent disaster prevention inspections and simulation exercises at all our business locations.

Since 1995, we have carried out in Japan nation-wide disaster prevention drills in conjunction with Japan's Disaster Prevention Day, assuming an earthquake with its epicenter under the capital or off the Tokai coast. In FY 2010, we carried out initial response disaster drills for verifying the amount of damage at each Fujitsu site and verifying the safety of Fujitsu employees in the western Kanto and Tokai areas assuming a Tokai area earthquake with a seismic intensity of seven on the seven-point Japanese scale. At the same time, we also carried out drills for restoring ICT systems belong to customers who were affected by the earthquake following the business continuity plan (BCP).

After the Great East Japan Earthquake, we put our company-wide disaster prevention training experience to work. Immediately after the earthquake occurred, we set up a Central Disaster Response Headquarters with the president of Fujitsu as Chief of Operations, and, while coordinating with the response groups in each division, verified conditions at our customers' sites and at Fujitsu Group sites to assist with our customers' recovery activities and with recovery and business continuity activities at our business sites.

• The Fujitsu Group's Response to the Great East Japan Earthquake

Business Continuity Management

The risks of unforeseen events that threaten economic and social continuity, such as natural disasters like earthquakes and large-scale flooding, disruptive incidents, accidents, and epidemics such as the new strain of infl uenza, have increased greatly in recent years.

At Fujitsu, we place great importance on business continuity management (BCM), establish a business continuity plan (BCP), and implement training based on that plan. This is to assure that, when one of these risks materializes, not only do we continue operating our critical businesses and meeting our social responsibilities as a corporation, but that we also continue stable supply of the high-performance high-quality products and services our customers need.

We also work to promote business continuity in our whole supply chain. In addition to business continuity in the Fujitsu Group internal distribution and production supply chain, we also support our business partners' BCM promotion efforts.

When the Great East Japan Earthquake occurred, we activated our BCP to restore operation of our critical businesses and we also performed a variety of business continuity operations, such as temporarily moving PC production to an alternative site, restoring supply of services and products to our customers, and supporting social functions.

• The Fujitsu Group's Response to the Great East Japan Earthquake

Measures Against the New Strain of Influenza

We have taken steps against the new strain of influenza based on a three-fold influenza policy; to safeguard lives, to stop the spread of infection and to ensure business continuity. We created a "Basic Action Plan for Measures Against the New Strain of Influenza" that stipulates preventive measures in everyday operations and the response process to be used if an outbreak occurs. We work to disseminate these to all employees through e-learning and by distributing pamphlets.

Also, to contribute to the continuity of social infrastructure businesses and the continuity of our customers' businesses should an epidemic occur or a particularly virulent new strain of influenza arise, we have established, and carry out training based on, a "Business Continuity Action Plan for Measures Against the New Strain of influenza".

Risk Management Education

We have implemented a systematic educational curriculum that aims at preventing risks from materializing in advance and implementing risk reduction measures across the whole Group. It also aims at minimizing the spread or growth of damage should a risk materialize and preventing the same problem from reoccurring.

Through this education, we inform our employees of our basic approach to risk management and the rules to be followed, and cite concrete examples to strengthen our employees' awareness of risk management and their ability to deal with risks. We also hold education and training programs as appropriate on issues such as information security, environmental problems, and natural disasters.