Business Continuity (BCP), Risk Management

  • Facebook
  • tumblr

Mission

Prevent and mitigate operational risks
We anticipate, prevent, and mitigate risks, but when crises arise, we protect our people, property, and profits.

Management structure

The Bridgestone Group broadly divides risks into two categories: business strategic risks, which are related to management decision-making, and operational risks, which are related to daily operations. The former is handled through business operations, while the latter is handled by the Chief Risk Officer (CRO), who has overall responsibility for managing risks and reports to the CEO.

Bridgestone strives to comprehensively and appropriately manage risks common to the Group, while taking the business scale and characteristics of each site and Group company into account. Through the dual promotion of region-specific autonomous and group-wide risk management, Bridgestone identifies, prevents and mitigates risks, and formulates Crisis Management and Business Continuity Plans to enable appropriate support for the continuation or resumption of business.

The Business Continuity & Risk Management Working Group was established in 2016 under the jurisdiction of the Global CSR Enhancement Committee (GCEC). The working group, which is made up of members from each Strategic Business Unit (SBU), manage and update the Bridgestone Group’s Global Risk Management Policy, and oversee our corporate risk management, crisis management, and business continuity systems. To achieve this mission, the working group is undertaking five key initiatives:

•Refine and standardize the annual risk identification process across the Group;
•Create a global definition and framework for crisis management and business continuity;
•Enhance the risk management role of emergency action reports;
•Develop an enterprise travel risk management program; and
•Formalize the process for cross-SBU support in crisis management.

The WG’s deliberations and efforts are guided by ISO 31000, the international standard for risk management.

In 2018, the Bridgestone Group focused on three aspects of risk management important to our efforts to be a truly global company. They include:

Emergency action reporting requirement/procedures

Bridgestone developed and issued new guidelines to clarify the types of incidents that should be reported to headquarters’ leadership versus managed by regional leadership. In doing so, we identified five incident levels, along with criteria for each, to ensure consistent Group-wide reporting. Following the development of this approach, Bridgestone created a reporting template and trained appropriate individuals across the Group.

Integrated crisis management and business continuity support

While the Bridgestone Group has four operating regions, the location of facilities within these strategic business units don’t always align with their geographic descriptions. For example, Bridgestone Sports based in Japan makes golf balls in Atlanta, Georgia, U.S. In 2018, the Bridgestone Group initiated a project to create a common framework for managing issues and crises across the enterprise so all businesses are aligned on how to work together collectively to ensure globally consistent responses and sustain business continuity when situations arise.

Annual global risk-identification process

Ten years ago, the Bridgestone Group initiated an annual, Company-wide process to identify potential business risks facing each Strategic Business Unit and the overall organization. The Bridgestone Group is now streamlining the process to make the information more meaningful and actionable, while also building in broader participation across the organization. In doing so, the goal is to gain a more complete understanding of potential risks across the Group, be better equipped to track and measure the impact of mitigation efforts, and share best practices about effective mitigation approaches.

Emerging risks and mitigation measures

The Bridgestone Group identified two emerging long-term risks: Compliance with and Technical Assurance of Emerging Privacy Laws; and sustainable procurement of raw materials.

For the former, business impact varies by Region because of variations in laws, including significant fines and penalties and adverse impact on Bridgestone's brand and reputation as a Company committed to being a good corporate citizen and upholding the human rights of individuals. The Bridgestone Group has adopted a Global Code of Conduct which contains a section specifically on privacy and personal data. Further, in compliance with the General Data Protection Regulation, Bridgestone Europe, Russia, Middle East and Africa (EMEA) has designated a Data Protection Lead and implemented a robust Privacy Policy and Cookies Policy. Bridgestone Americas also has dedicated a fulltime resource to focus solely on creating a robust Privacy Program for the BSAM enterprise as more Governments adopt privacy laws in the US and Latin America. As part of BSAM's enterprise-wide Data Privacy Program, workshops are being conducted to identify business processes within which personally identifiable information (PII) is utilized. The information flows of these processes are then mapped to their supporting IT systems, enabling technical assurance for maintaining privacy of personal data. As part of Bridgestone China, Asia Pacific (BSCAP) website migration exercise, all privacy policies throughout the region were reviewed and updated to reflect and adopt the latest standards in privacy and data protection laws. BSCAP is also redesigning and implementing a regional Trade Secret Management policy which includes operational and technical guides on personal data protection to further BSCAP's data privacy efforts.

For the latter, we reinforced our commitment to sustainability by adopting a Global Sustainable Procurement Policy and by reaffirming our commitment to Corporate Social Responsibility. Among other things, these business imperatives ensure that we will continue doing business in ways that improve the natural rubber supply chain and support innovation and advancements in technology to ensure the viability of the natural rubber economy.

In spring 2019, the working group evaluated the results of the Bridgestone Group's annual, global, risk identification process to decide Group Global risks and will report them to GCEC. The working group is developing a plan to monitor each SBU's mitigation plan to ensure these risks are addressed and to share best practices and lessons learned across the Bridgestone enterprise. In the meantime, if a risk evolves into an actual event or problem, integrated teams of business units and staff functions already in place in each SBU would be activated to respond. Not only do these teams carry out and manage the company's response, but they also ensure that important information is immediately communicated to the SBU's own CEO, COO, and CRO, as well as the Group Global CEO, COO, and CRO. If needed, business continuity plans are also activated. These plans identify potentially affected employees; establish alternate workplaces; document critical business processes and work-arounds that can be applied when normal methods aren’t feasible; and ensures essential equipment is available for each employee to do his/her job.

Earthquake countermeasures

Emergency drill in Kodaira, Japan

In Japan, we conduct drills to prepare for earthquakes, which pose a significant risk, and also has established a business continuity plan in preparation for a major earthquake in the Tokyo metropolitan area that would affect our head office, technical centers, and many other functions. We created the framework of our emergency office consisting of Kyobashi, Kodaira, and Yokohama offices, ensuring backup functions.

When an earthquake with an intensity of lower five on the Japanese seismic scale occurs, we will collect information on whether human damage or physical damage has occurred. Depending on the extent of damage, we will set up an emergency response organization and respond. When an earthquake with an intensity of upper five on the Japanese seismic scale occurs in the Tokyo metropolitan area, an emergency response organization will be automatically installed and respond.

We conduct annual emergency drills as a disaster response office in these three districts. Protecting human life is our highest priority. In 2015, we introduced evacuation points that prioritize human life protection and enhanced evacuation procedures at facilities at risk in the event of a tsunami in Japan. Since the 1995 Kobe earthquake, we have systematically enhanced earthquake-resistance in our office buildings and plants.

We also believe that protecting production facilities and other corporate assets from destruction is the basis of good corporate management. These initiatives also go toward mitigating risk to meet social requirements. Since 2011’s earthquake and tsunami, we have again looked carefully into our building components such as ceilings and pipes for further enhancement.

Response to new types of influenza and other severe infectious diseases

Since 2013, Bridgestone Corporation has formulated business continuity plans (BCPs) to address the spread of new types of influenza and other severe infectious diseases of potentially pandemic proportions. In 2015, our BCPs were revised to align with the World Health Organization’s global framework to aid pandemic preparedness and response planning.

Our plans have effectively guided our response to the 2013 Avian Influenza in China and ensured the well-being of our employees and business operations there. In 2014 and 2015, we received global recognition for our successful efforts to control the spread of Ebola Hemorrhagic Fever at our Liberia-based natural rubber producing operation. Firestone Liberia not only saved lives, supported education and response efforts in surrounding communities, and partnered with the Government of Liberia and NGOs to detect and fight the disease, but also managed to keep its business running at the same time. This accomplishment was documented and published in a case study by Northwestern University's well-known Kellogg School of Management, which is now a regular part of the crisis management curriculum for MBA students.

Personal information protection

Bridgestone Corporation and its group companies in Japan believe that it is an important responsibility to protect all of your personal information. We formulated a Privacy Policy that reflects our principle. Based on this policy, we conduct ongoing trainings for all employees at Bridgestone and its group companies in Japan and maintain a structure for information management.

IT security

The Bridgestone Group takes a systematic approach to IT security to prevent leaks of customer data and other confidential information and to ensure stable business continuity. We have formulated our corporate standards and rules on IT security, which are revised to stay abreast of technological advancements and changes in IT risks. Particularly strict standards have been set for the information systems handling personal information.

As a group-wide effort, Bridgestone is collaborating with IT security teams in regions where our Group companies operate. We formulated a global security policy and are taking measures based on this policy.

Bridgestone also continually strengthens IT security throughout the corporate group through our e-learning programs for employees regarding email and other information technologies and conducts regular internal audits to raise awareness among employees.

Furthermore, to counter targeted attacks and other advanced cyber threats, we are strengthening our monitoring of networks and other systems and have established an organizational structure to produce an immediate response to any IT security incidents.

Relevant Information