Santen strives to establish an information management and monitoring system in response to various risks, including unpredictable uncertainties, to eliminate such risks or address them appropriately.
In accordance with the rules for risk management, we identify, evaluate, and monitor risks regularly in each region and division to deal with assumed major risks of loss related to the execution of our business activities, striving to avoid or minimize the risk of loss during times of normal business operations. At the same time, we continue to build an effective risk management system to improve the sophistication of risk management. To this end, in fiscal 2022, we began dividing risks into risks attributable to internal factors and risks attributable to external factors, identifying and categorizing each risk factor in an integrated manner and communicating this information throughout the company.
As our business expands globally, we are required to comply with various regulations at advanced levels. In addition, we must take appropriate measures to ensure a stable supply of products, quality control, IT security, and compliance, as well as to ensure risk management against pandemics, natural disasters, conflicts, etc.
To address the variety of risks that may affect our business in particular, we continue to strengthen risk management activities under the leadership of our chief risk officer (CRO), who is responsible for identifying major risks, formulating preventive measures, and encourage discussion.
In the event or report of an event that has the potential to develop into a serious crisis, we form a crisis management committee, chaired by the Santen president and CEO. This committee responds to and contains the situation in question as we implement measures to prevent recurrence.
In its independent capacity, the Internal Audit Office verifies the status of risk management through internal audits.
|Assessment points||Risk scenario||Impacts on corporate value||Countermeasures and current progress||Risk category|
|Supply chain||External factor||Operational risk|
|Global compliance||Internal factor||Operational risk|
|IT Security and Information Management||Internal factor||Operational risk|
|Investment||Failure to realize expectations or profits from proactive investments with the aim of sustainable global growth in the ophthalmic field, due to changes in the external environment or other unfavorable circumstances||Internal factor||Strategic risk|
|Global Operation||Internal factor||Strategic risk|
|Pharmaceutical Regulatory Trends||External factor||Strategic risk|
|Research and Development||Internal factor||Strategic risk|
|Internal factor||Operational risk|
|Environment||External factor||Strategic risk Operational risk|
|Details||Business Context||Impact||Response and Mitigation Measures|
|International Disputes||International disputes that span specific regions or countries not only affect the supply chain in those regions, but also impact raw materials procurement, product supply, etc.||Such events cause concern for the safety of employees in the areas affected, as well as concerns about the impact on supply chains, finances, and sanctions.|
If production activities, including the activities of our contract manufacturers, are affected, the supply of products to the entire global market could be affected negatively.
|Continue to development response manuals to recognize and mitigate risks.|
Monitor geopolitical, socio-political and economic/political conflicts in the countries and regions where key supplies and suppliers are located.
|Water Resource Issues||Frequent earthquakes in the Noto Peninsula, where our plant is located, could impact groundwater channels. An accident at the nearby nuclear plant could impact water quality. These and other events could have a negative impact on production activities.||Potential inability to provide a stable supply of products.|
Potential impact on sales and other financial matters.
|Secure backup water sources.|
Maintain backup production lines.
|Changes in Employment Relationships||As human resources mobility increases globally, declining wage competitiveness in Japan and other issues have become major problems. Competition for human resources intensifies as companies respond to wage increases and other factors, increasing the risk that talented employees will leave the company.|
At the same time, competitive conditions in recruitment and hiring are likely to become more severe due to rapid wage increases associated with globalization.
Further, the globalization of work styles will change the traditional rules in each country regarding the terms of operations and recruitment.
|In particular, serious consequences could result from the loss of human resources due to the increased retirement of talented employees and organizational dysfunction due to excessive mobility.|
Higher wage levels for mid-career hires will contribute to higher costs.
The increasing diversity in places to work and work styles, as well as the diversification of values, may lead to events that cannot be addressed through conventional rules.
|We must conduct initiatives to improve employee engagement and actively promote talented people to higher levels of responsibility.|
Consider benchmarking wages and terms of employment against peers and competing systems.
|Outbreak of New Infectious Diseases||The outbreak and spread of infectious diseases caused by new pathogens could affect R&D, production, sales, and other activities.||Such events could hinder research and development activities, such as clinical trials and studies. The stable supply of products could be disrupted due to the impact on the supply chain, including factory operations and logistics. Sales activities could be disrupted due to the inability to collect or provide timely and appropriate information to medical professionals.||Establish systems to ensure the safety of employees and the continued stable supply of products based on our response to COVID-19 to date.|
In the most obvious sense, effective information security assures the safety of our critical assets, protects individual privacy, and guards the integrity of our systems and infrastructure. In a broader sense, information security is the essential first ingredient to our evolution as a global society. Therefore in Santen, we see information security is a strategic priority.
Santen is committed to implement and maintain an Information Security Management System (ISMS) based on ISO/IEC 27001. The main objective of the system is to guarantee the confidentiality, integrity and availability of information which is required for the continuity of daily operations, regulations and maintaining strategic competitive advantage. To implement and operate this management system, Santen;
Top Management's support, commitments, accountability is vital in ensuring information security implementation and achieving the Information Security Management System's intended results.
In Santen, Chief Digital & Information Officer (CDIO) acts as Chief Information Security Officer (CISO), and is accountable from the global information security strategy and its execution.
In this role, CDIO reports directly to the Chief Executive Officer (CEO), and Board of Directors (BoD) and is responsible from maintaining the security governance framework, focusing on information and business risks, concentrating on the protection of critical business processes and applications, protecting classified information from disclosure, taking responsibility for developing and maintaining an information security architecture, and ensuring that new systems are developed securely, as clearly stated in the 'Santen Global Information Security Policy'.
CDIO is supported by the ISMS Committee, the governance body which is chaired by the Global Head of Information Security and consists of several critical stakeholders. The ISMS Committee meets on a regular basis to make strategic decisions and perform other key responsibilities listed below, and reports the identified risks, and decisions to CDIO, CEO and BoD:
Our security education and awareness program expect all employees to take ownership of our security practices. we train all new employees on information security policies and detailed rules.
The online IT security awareness training in FY2022 has a completion rate of 96%. Below topics are some examples that are covered in the training:
The online OT security awareness training in FY2022 has a completion rate of 99%. Below topics are some examples that are covered in the training:
As phishing is one of the most effective and widespread techniques used by cyber criminals, Global Information Security innovated a new phishing training approach to drive a more secure corporate culture founded upon employee behavior that reduces risk of the human element.
The team launched an ongoing phishing gamification experience globally, to encourage our colleagues learn safer email habits in an engaging and playful way, while making sure they are part of the incident response process.
The company aims to apply industry best practices as part of our information security policies, processes and invest in strategies that are commensurate with the changing nature of the security threat landscape. Some of the policies and procedures that provide guidance to our employees in their daily operations include the following: all are for global.
In Santen, third parties are treated as an extension of our Information Security Management System (ISMS), i.e. when Santen provides or receives services from a third party supplier, the scope of our ISMS extends to the third parties. Our information security policies, procedures, instructions enforced in Santen, are applicable to all third parties who hold a relationship with us.
Before engaging with third parties, information security risk assessments are performed. As third party security risks are always evolving, and continuous monitoring at regular intervals is vital; we monitor the security risks via different tools and processes (such as; Maturity Level Assessments, Cyber Risk Scorecards) throughout the entire vendor lifecycle, from onboarding to off boarding.
We in Santen believe that our mission is to continue delivering of treatments for visual conditions to our patients around the world based on Santen's CORE PRINCIPLE, even in the event of emergencies, including the worldwide COVID-19 pandemic and the consequent adoption of lockdown measures in various cities and countries around the world. In addition, as a life science company that contributes to society, we place high importance on avoiding committing any act that could help to spread the virus, and continuing our efforts toward future innovation in ophthalmic treatment even amid such an emergency. As an emergency measure, on January 2020, we organized the Crisis Management Committee. We have since carried out various initiatives, including monitoring the situations in our business locations in Japan and abroad, and devising countermeasures and giving directions on their implementation.