Governance :

Risk Management


We work to identify potential major risks to prevent them from occurring, and we have a structure in place to ensure that appropriate actions are taken in case they occur.


Risk Management

Establishment of the Enterprise Risk Management (ERM) System

We established "Risk Management Regulations" and introduced Enterprise Risk Management (ERM) in FY2019, aiming for total, rather than partial, optimization of risk management.
We have appointed the Representative Director, President & COO as Chief Risk Management Officer, and Representative Director, Executive Vice President as Head Risk Management Officer and established a company-wide risk management system. We consider risk management issues to be priority issues in terms of corporate strategy and planning and we are addressing them.
In addition, the Risk Management Committee was established under the Management meeting and the Legal Department, which is in charge of risk management (secretariat), is mainly promoting ERM.
The Audit & Supervisory Board and the internal audit department (Business Audit Department) are in charge of auditing the progress of ERM. The Risk Management Committee regularly reports company-wide risk assessment results and the progress of actions against risks to the Audit & Supervisory Board and the Business Audit Department in order to increase the effectiveness of audits.

ONO’s risk management system

Basic Policy on ERM.
  1. With the aim of ensuring stable business continuity and achieving our business objectives, we have an enterprise risk management system to minimize losses to our company and its stakeholders including customers, while fulfilling our accountability to society.
  2. Each division assesses its risks, using the risk assessment sheets, and autonomously promotes risk management.
  3. We identify the most important and urgent risks that could have a considerable impact on business management, and promote company-wide risk management activities.
  4. In the event a risk materializes, we will take measures to minimize the damage and ensure prompt recovery in order to solve problems as quickly as possible.
ERM Promotion System
  1. Basic Approach
    1. Each Division Head uses the division’s Risk Management Promotion Meeting to supervise the division’s risk management.
    2. Office Managers conduct daily risk management.
    3. The Legal Department periodically monitors the risk management status of each division from the viewpoint of ERM. The results of monitoring are reported to the Management Committee (composed of directors, executive officers, division managers, etc.), the Board of Directors, and the Audit & Supervisory Board.
  2. Risk Management Promotion Meeting
    The Risk Management Promotion Meeting in each division assesses the division’s risks and extracts issues using a risk assessment sheet, and develops prevention measures for identified risks according to their materiality and urgency, as well as risk responses. Thus, each division autonomously promotes risk management by considering, developing and implementing appropriate risk measures. The risk assessment sheet covers a wide range of risks, not only business risks, but also risks related to the environment, major disasters, human rights, pharmaceutical affairs laws and regulations, bribery, etc. In addition, risk managers (management layer) are assigned to each division to strengthen its effectiveness. Furthermore, the risk managers identify risks based on reporting from worksites and give feedback on risk identification and action status in order to use it to increase the risk management culture at the worksite level.
  3. Risk Management System for Environmental Issues
    Business risks related to environmental issues are also managed within ERM. In terms of climate change in particular, associated risks and opportunities are identified and evaluated by the TCFD Working Group under the Environment Committee. The head of the Legal Department also participates in this working group, and progress is reported to the Company-Wide Risk Management Committee to ensure coordination with ERM. For details on TCFD, see “Information Disclosure Based on the TCFD Recommendation
  4. Response to Major Risks
    In risk analysis, the importance, urgency, and frequency of identified risks are evaluated. The Management Meeting identifies important and urgent risks as material risks every fiscal year, and considers, develops, and implements measures to control the identified risks, while monitoring the identified risks on a company-wide scale. For major risks, see the list of Business Risks.
    In addition, we integrate risks to be identified and managed under ERM into the materiality analysis and management process, we define management priority issues, and we address them in that way.
    In the event a risk occurs, we will take action in accordance with the response plan to minimize the damage and ensure prompt recovery, thereby solving problems as quickly as possible.
  5. Crisis management
    In the event a material risk occurs, the Representative Director, President & COO will establish an Emergency Response Committee as necessary, to take measures to minimize damage and facilitate speedy recovery.
  6. Risk management education
    We provide education on risk management for all employees to raise their awareness and sensitivity toward risks.
  7. ONO Group’s Risk Management
    To promote risk management activities across the Group, we provide our subsidiaries with guidance and advice on risk management, while respecting their autonomy. We began to expand our ERM system to our subsidiaries in Japan and overseas in FY2020 to further enhance the risk management of the entire Group. Starting in FY2021 we initiated risk management using the "Risk Management Sheet."
Progress of Measures
  1. Training for all employees: In FY2019, we conducted e-learning training to help employees acquire basic knowledge about risks, risk assessment, and ERM, and learn about our company’s ERM system. In FY2020 to FY2021, we provided e-learning education on practical risk management skills (including true cause analysis of and management approaches to risk issues) in addition to fundamentals of risk management.
  2. Training for risk managers and management: We also commenced workshop-style training regarding risk management methods in the second half of FY2019. In FY2020, inside directors, risk managers of all divisions, and leader-class employees in some divisions completed the training.
    Furthermore, we started to provide "Risk Management Leadership Training" for leaders in FY2022. This training aims to increase the ability of lead employees to identify risks, gain risk sensitivity, and handle risks. The following four-class e-learning training is provided. In FY2022, training for the Sales and Marketing members in all leader layers was completed and in FY2023, training for employees in all leader layers will be provided.
    Risk Management Leadership Training
    Vol.1 Basic knowledge and idea of risk management
    Vol.2 Why misconducts occur despite conducting risk management?
    Vol.3 Why Bad News First does not function?
    Vol.4 How can we increase the capability of staff members to imagine potential risks?
  3. In FY2020, we prepared a detailed incident response manual and provided employees with education and practical response training (reporting and public communication systems), with anticipation of multiple individual risks (personal information leaks, plant/laboratory accidents, etc.), to enhance their ability to respond to major incidents.
  4. Starting in FY2021, ERM secretariat reports ERM status to the Audit & Supervisory Board (including two outside auditors) semi-annually (risk identification (methods and results), risk assessment (evaluation of importance), actions against important risks and action results). Auditors survey opinions of ERM status during the report. In addition, the operational risk management status and occurrence of new risks that the ERM secretariat has confirmed with each division are shared with the Business Audit Department and they are reflected in the selection of business audit items. Furthermore, the Business Audit Department reports the audit results regularly to the Audit & Supervisory Board.

Business Continuity Plan (BCP)

We have set up a BCP Management Headquarters under the Emergency Response Committee, chaired by the Representative Director, President & COO, and established a system designed to minimize the impact on operations even if a natural disaster or serious accident occurs, so that we can continue business activities, and even if they are suspended, recover promptly and resume them. And for management during normal times, we have a Business Continuity Management (BCM) Committee, which is chaired by the Head of Corporate Strategy & Planning (Representative Director, Executive Vice President) and is in charge of business continuity management, and a Management Office to maintain and strengthen our abilities to respond to crisis and continue our business operations, and promote relevant management activities.
We have prepared for disasters by installing systems such as emergency generators and duplicate power service in our Headquarters, the Tokyo Building, and all of our plants and research institutes, and we have also introduced seismic isolation systems to prepare for earthquakes in our Headquarters, the Tokyo Building, Minase Research Institute, and the Yamaguchi Plant. Also, in order to prepare for a large-scale disaster, we have divided our disaster action bases into the Headquarters in Osaka and the Tokyo Building so that we have two bases to function against disasters.
The BCM Committee establishes business continuity plans responding to all hazards in the medium- to long-term, conducts drills based on inter-division cooperation, and thereby increases effectiveness in handing business continuity. In addition, the BCM Committee is developing global emergency response plans and business continuity plans, including for overseas subsidiaries, in consideration of our own marketing operations in Europe and the U.S.A.


Business Risks

The Group's business performance may be significantly affected by various risks that could in the future occur in its business activities.
The major risks that have the potential to affect the Group's business are listed below. However, this list does not cover all risks, and there are risks other than those described below that could potentially influence investor decisions.
The matters in this document relating to the future are based on the judgment of the Group as of the end of FY2022.
Identified risks are divided into three categories, “strategic risks,” “external factor risks,” and “operational risks,” and basic action policies and priority orders against risks are determined. The basic action policy for each risk category is stated below.

  • Strategic risks: Risks associated with the business itself, such as failure of the business plan, etc.; these should be handled under a medium-term plan, etc.
  • External factor risks: Risks arising due to uncontrollable external factors; these should be handled under Business Continuity Plan (BCP), etc.
  • Operational risks: Risks arising from management failures that could have been avoided by using imagination; these should be handled by Enterprise Risk Management (ERM).

ONO’s “major risks” based on these three categories are stated below.

Risk field Major risk item Risk category
(1) New product development
  1. Failure to develop new products
Strategic risk
(2) Response to changes in the market environment
  1. Fiercer competition with competing products and generic products
Strategic risk
(3) Compliance
  1. Breach of laws and regulations related to bribery prevention
  2. Breach of Code of Practice
  3. Breach of the Anti- Monopoly Act
  4. Pharmaceutical and Medical Device Act
Operational risk
(4) Product quality control
  1. Occurrence of defects and recall of products
Operational risk
(5) Recruiting, training, and securing (retaining) human resources
  1. Delay in recruiting, training, and securing human resources
Strategic risk
(6) Large-scale earthquakes, climate change-related natural disasters, and accidents
  1. Occurrence of natural disasters and accidents, etc.
External factor risk
(7) Supply-chain (stable supply)
  1. Supply-chain risks
External factor risk
(8) Health insurance system reform
  1. Failure of actions for measures to limit healthcare spending
External factor risk
(9) Reliance on specific products
  1. Failure to end reliance on specific products
Strategic risk
(10) Newly discovered side effects
  1. Occurrence of new side effects, etc.
Strategic risk
(11) Intellectual property rights
  1. Infringement of a third party’s intellectual property rights, etc.
Operational risk
(12) Litigation (To be included in other risks.)  
(13) Information management
  1. Cyber-attacks, unauthorized access
  2. Leakage of personal information
Operational risk
(14) Overseas business expansion
  1. Failure of own marketing operations in Europe and the U.S.A.
Strategic risk
(15) Alliance with other companies
  1. Failure of business alliances
Strategic risk
(16) Fluctuations in financial market conditions
  1. Foreign exchange fluctuations
  2. Price fluctuations of financial resources
External factor risk
(17) Response to environmental issues
  1. Increasing costs for measures against global warming
  2. Occurrence of environmental pollution accidents
External factor risk Operational risk
(18) Pandemic
  1. Occurrence of a new pandemic
External factor risk
(19) Deferred tax assets and impairment treatment
  1. Suffering large impairment loss
Strategic risk
<Major Risks>
  1. New product development
    Upholding our corporate philosophy, “Dedicated to the Fight against Disease and Pain,” ONO strives to become a Global Specialty Pharma specializing in specific fields through development of unique and innovative new drugs that deliver true benefit to patients to satisfy as-yet unmet medical needs. To that end, we not only pursue development of innovative pharmaceutical products independently, but also actively promote open innovation that incorporates world-leading technologies and knowledge.
    However, it is possible that a long-term and large amount of R&D investment will not lead to the market launch of an innovative drug, and will cause the discontinuation of development midway. If such a situation occurs, expected revenue may not be realized, and the Group's operating results and financial position may be significantly affected.
  2. Response to changes in the market environment
    The Group is striving to maximize product value through proactive R&D activities and swift inter-departmental cooperation across the entire company. To that end, we always keep our eyes on the market environment, starting in the early stages of development, and review strategies to achieve a competitive advantage, thereby responding appropriately to changes in the market. We also constantly analyze market trends in the factors affecting the product lifecycle to prepare the necessary resources to maximize the potential of every product we offer.
    However, the Group’s operating results and financial position may be significantly affected depending on the sales situation of competing products and generic products.
  3. Compliance
    In conducting business activities, the Group is subject to various laws and regulations, such as those related to product quality, safety, the environment, chemical substances, transactions and labor, as well as accounting standards and tax laws. In the future, we will need to respond to ever-stricter climate change mitigation policies and regulations around the world. In addition to formulating the Compliance Global Policy, etc. based on the ONO Group Code of Conduct, the Group has established a robust compliance system, e.g., by setting up a Compliance Committee, internal and external desks for reporting compliance violations, and employment consultation desks, to ensure that all business activities are conducted in compliance with applicable laws and regulations. However, if the Group or any of its contractors violate any laws or regulations materially, the Group’s reputation, as well as its operating results and financial position, may be adversely affected. In addition, if the Group’s business activities are restricted due to changes in laws and regulations, and as a result additional investment costs are incurred, the Group's operating results and financial position may be significantly affected.
  4. Product quality control
    In line with its policy of contributing to society through stable supply of pharmaceuticals that are quality-assured to a high standard, the Group not only meets the legal requirements relating to the quality of pharmaceutical products but also has established a robust quality system based on its own quality manual and continually improves the system to stably supply high-quality pharmaceutical products from the perspectives of patients, caregivers and healthcare professionals. Also, we have a robust product recall system in place. If concerns arise regarding the quality, efficacy, or safety of any of our products, investigation will be conducted promptly, and if a decision to recall is made, such recall information will be communicated immediately to medical professionals and the relevant product will be recalled. However, if a serious quality problem that exceeds the Group’s expectation arises or a concern is raised about the safety and security of our product due to the discovery of new scientific knowledge, it could reduce trust not only in the relevant product brand but also in the entire Group, possibly causing a significant adverse impact on the Group’s operating results and financial position.
  5. Recruiting, training, and securing (retaining) human resources
    The Group strives to recruit, train, and secure (retain) diverse and talented human resources to ensure sustainable growth. We are developing systems and working conditions where employees can work in various styles so that each and every person in our diverse workforce can work energetically and demonstrate his or her full potential. We are also enhancing our training programs to match the individual needs and levels of ability and development to promote recruiting and securing human resources through various activities aimed at becoming a more meaningful and attractive company.
    Furthermore, to respond quickly and flexibly to environmental changes and increase corporate value, we believe it is important to enhance the diversity of attributes, values, and behavioral characteristics of the members who make up the organization and recognize their individuality. Based on this belief, we are implementing various initiatives to promote the active participation of women and persons with disabilities in the workplace and to promote midcareer employment.
    However, the potential failure to recruit, train, and secure diverse and talented human resources over the medium to long term could cause the Group’s business activities to stagnate, resulting in a significant impact on the Group’s operating results and financial position.
  6. Large-scale earthquakes, climate change-related natural disasters, and accidents
    In preparation for earthquakes, floods associated with climate change (water risks), and other natural disasters, the Group formulates disaster prevention measures and business continuity plans (BCPs) for its manufacturing plants and major business sites, and identifies climate change-related risks and discloses information on countermeasures to these risks in accordance with the TCFD recommendations. The Group has two manufacturing centers, the Fujiyama Plant (Shizuoka Prefecture) and the Yamaguchi Plant (Yamaguchi Prefecture), and multiple delivery centers in Japan as a risk-mitigation measure to ensure stable supply of its products. Also, the Group’s critical sites—the Head Office, the Tokyo Building, and all manufacturing plants and research institutes—are equipped with emergency power generators and two-line power receiving systems as part of disaster contingency planning to ensure uninterrupted operations in preparation for power failure. In addition, the Head Office, Tokyo Building, Minase Research Institute and Yamaguchi Plant are equipped with seismic isolation systems to mitigate earthquake risk. Furthermore, we have upgraded our internal crisis management systems; e.g., we have established a system to handle emergency situations at two bases, in Osaka and Tokyo, in preparation for a large-scale disaster, and we have also introduced a safety confirmation system to speedily confirm the safety of our employees. In addition, we conduct periodic disaster drills to raise employees’ awareness of disaster prevention and improve their ability to respond to an emergency situation.
    Despite our efforts, however, a large-scale earthquake or natural disaster resulting from climate change could cause problems in our raw material procurement, manufacturing, or logistics operations, thus hindering the supply of products and goods and our R&D activities. In any such case, the operating results and financial position of the Group could be significantly affected.
    Furthermore, the occurrence of a pandemic, an explosion or fire accident at production plants, information/control system failures, problems at suppliers of raw materials, malfunction of social infrastructure such as electricity and water, environmental pollution from harmful substances, terrorism, political disturbances, riots, etc. may hinder the supply of products, R&D activities and other business activities. This may have a serious impact on the Group’s operating results and financial position.
  7. Supply-chain (stable supply)
    The Group identified the “stable supply of its products and goods” as a materiality and built a system responding to risks of natural disasters and accidents and risks of deviation from the Pharmaceutical and Medical Device Act. For more details on countermeasures against natural disasters and accidents, please see Section (6), “Large-scale earthquakes, climate change-related natural disasters, and accidents.”
    Concerning actions for deviation risks from the Pharmaceutical and Medical Device Act, we established strict quality standards internally and we are conducting thorough control with records and documents related to production, review, change control, and deviation control. In addition, quality audits are conducted at Company plants and contractors and the appropriateness of the operations is periodically checked. As mentioned above, constant and high-level quality control is conducted thoroughly to prevent products not conforming to the standards from being shipped.
    However, if the functions of specific plants or external contractors were to stop, and the supply of raw materials from the suppliers stops, and production activities are suspended or delayed due to natural disasters, such as earthquakes, typhoons, etc., a pandemic, fire, system failure, terrorism, and other accidents, or deviation from the Pharmaceutical and Medical Device Act, the Group’s management performance and financial conditions could be affected.
  8. Health insurance system reform
    The pharmaceutical manufacturing and sales business of the Group is subject to various regulations under the pharmaceutical administration and regulations of each country in which it operates. The changes are being made in Japan to the downward revision of drug prices under the official drug pricing system and the medical system, including promotion of use of generic drugs. Overseas, the pressure to limit healthcare spending is increasing. Due to the above-mentioned factors, in the event the revenue is decreased in consequence of falling sales prices of pharmaceuticals which cannot be covered by increased sales volumes or other measures, the Group’s operating results and financial position may be adversely affected.
  9. Reliance on specific products
    Of the Group's revenue, revenues from OPDIVO Intravenous Infusion and anti-PD-1/PD-L1 antibody-related royalties account for in the mid-60% of the total revenue (fiscal year ended March 31, 2023). If the revenue decreases due to drug price revisions, emergence of other promising competing products, expiration of protection period of patents, or other unforeseen circumstances, the Group’s operating results and financial position may be adversely affected.
  10. Newly discovered side effects
    The Group develops a risk management plan and collects and evaluates safety (side effects) information on a continual basis for each pharmaceutical. We analyze the collected data to determine the seriousness of the safety information and the necessity of issuing warnings, and if necessary, we revise package inserts and make announcements about proper use.
    However, there is a possibility that new side effects that had not been experienced in clinical trials will be reported after marketing. In the event that a new serious side effect is discovered, the Group’s operating results and financial position may be adversely affected by the payment of damages and a decrease in revenue due to revocation of drug approval.
  11. Intellectual property rights
    The Group takes great care to ensure that the products it manufactures or sells do not infringe upon third-party intellectual property rights. However, if an event occurred in which the Group were to be found to have infringed upon a third-party intellectual property right, the Group’s operating results and financial position could be adversely affected by the payment of damages and a decrease in revenue, etc. due to the suspension of manufacturing and sale, etc. Therefore, the Group identifies and manages the inventors, etc. appropriately and pays the appropriate amount of compensation determined by internal regulations and contracts. However, if a lawsuit were to be filed by an inventor, etc., the Group's operating results and financial position could be adversely affected by the payment of compensation for damages and other matters.
  12. Litigation
    The Group may be subject to litigation over pharmaceutical side effects, product liability (PL), labor issues, fair trade issues, environmental issues, or other issues associated with its business activities. Unfavorable court decisions may adversely affect the Group’s operating results and financial position.
  13. Information management
    The Group is promoting the use of digitals and IT, in addition to streamlining and sophisticating operations, so that company reforms can be implemented more flexibly to respond to the business environment. We also handle highly confidential and personal information with these systems. In association with the promotion of business globalization and the expansion of the range of data use, complexity is increasing and therefore the possibilities are increasing that technical failure may occur, that business operations could be suspended due to unauthorized access, or attacks made by a third party or internally, and that important information could be leaked.
    To reduce these risks, in addition to the establishment of policies related to securities and the stable operation, and selection of appropriate technologies and services in conformance with changes to technologies, and the social environment, training is provided for all employees and measures are strengthened continuously based on third-party security assessment
    However, if information in the possession of the Group were to be falsified, misused, or leaked due to computer virus infection, system failures caused by cyber-attacks, accidents, etc., the Group's operating results and financial position could be adversely affected due to a significant loss of social credibility, etc.
  14. Overseas business expansion
    The Group is actively expanding its operations overseas with the aim of becoming a “Global Specialty Pharma” capable of offering innovative new drugs developed in-house around the world. In South Korea and Taiwan, we have already set up wholly owned subsidiaries and have started selling our products. Currently, we are working to improve and strengthen our development system, etc., with a view to marketing through our own sales organizations in Europe and the United States.
    In conducting global business activities, we prepare multiple candidate products for launch by enhancing the development pipeline as a measure against development risks and we obtain information on each country or region where we operate, including legal restrictions, economic conditions, status of political stability, region-specific natural disasters, and uncertainties in the business environment, and consider necessary measures accordingly. However, if these risks cannot be avoided completely, the Group’s operating results and financial position could be adversely affected.
  15. Alliance with other companies
    The Group cooperates with other companies in various forms, such as joint research, joint development, in-and-out licensing of developed products, and joint sales. Changes in or cancellations of alliances with other companies for any reason may have an adverse impact on the Group’s operating results and financial position.
  16. Fluctuations in financial market conditions
    • Foreign exchange fluctuations
    The Group conducts business internationally and receives royalties and makes payment of expenses, etc. in foreign currencies. Foreign exchange rate fluctuations expose the Group to risks, such as a decline in sales revenue, an increase in purchasing costs, an increase in R&D expenses, and foreign exchange losses. To mitigate the above risks, based on its market risk management policy, the Group hedges foreign exchange risk through forward exchange contracts, for a certain percentage of foreign currency denominated transactions. However, foreign exchange fluctuations that exceed assumptions may adversely affect the operating results and financial position of the Group.
    • Stock price fluctuations
    The Group is exposed to risk of stock price fluctuations arising from equity instruments. The Group holds equity instruments to smoothly execute its business strategies but no equity instruments are held for short-term trading purposes. These equity instruments are periodically reviewed to assess their fair values and the financial status of the issuing companies, and the portfolio is revised as required, taking into account the relationships with the relevant companies. However, if the fair value of equity instruments were to fluctuate to a substantially higher degree than expected, the Group's operating results and financial position could be adversely affected.
  17. Response to environmental issues
    As part of efforts to address global environmental issues, the Group has established an environmental vision (ECO VISION 2050) based on its Global Environmental Policy. In line with the ECO VISION 2050 and Global Environmental Policy, the Group is making group-wide efforts to realize a decarbonized society, a water recycling society, and a resource recycling society. In addition, being keenly aware of corporate social responsibility toward the environment, we carry out all our business activities in an environmentally responsible way to preserve a rich global environment.
    Some of the chemical substances used in pharmaceutical research and manufacturing processes include substances that have a negative impact on human health or the ecosystem. Therefore, we act in compliance with environmental laws and regulations, e.g., by implementing voluntary standards, some of which are stricter than the legislation, regarding the use, handling, manufacture, storage, and disposal of hazardous substances of countries and regions in which we conduct business activities.
    However, costs may increase in the future if new carbon taxes are introduced or greenhouse gas emission limits are tightened to combat global warming. Also, should unexpected contamination by harmful substances or collateral damage occur, the Group may face exclusion from insurance coverage or have to bear expenses that exceed compensation and legal liability. In addition, changes of environmental laws and regulations in the future may limit the Group’s business activities, including research and development and manufacturing. In such cases, the Group’s operating results and financial position may be adversely affected
  18. Pandemic
    As a life-related company, the Group strives to ensure a stable supply of pharmaceutical products. We are working vigorously to maintain a stable supply in cooperation with our affiliated companies and business partners. For the time being, there is no problem regarding the production and supply of our pharmaceutical products to medical institutions.
    However, a pandemic in the future could hinder the supply of products and goods and the R&D activities. In such case, the Group’s operating results and financial position may be adversely affected by the stagnation of its business activities, etc.
  19. Deferred tax assets and impairment treatment
    The Group monitors performance through budget control, etc. We built a system to review the collectability of deferred tax assets at the appropriate time and to measure impairment loss, etc. if there is a sign of a decline in earnings. If any of the risks described in the “Business Risks” section were to materialize, deviations from the business performance plan could occur, making it impossible for the Group to generate expected cash flows. In this case, there would be a possibility that tangible fixed assets and intangible assets could be impaired, and deferred tax assets could decrease. In such cases, the Group’s operating results and financial position may be adversely affected.

Information Security Management

Basic Approach

Information assets are very important management resources.
We established a global policy on information security to protect information resources strictly, including data related to research and development and the personal information of internal and external stakeholders, and to manage the information appropriately. In consideration of the global increase in cyberattacks and security threats, we are also addressing the further strengthening of cybersecurity based on the global standard framework.

Information Security Management System

The ONO Group has established the Information Security Global Policies and procedures. To ensure their effectiveness, an information security management system has been established, including specific actions to be taken in the event of an information security incident.
Overall responsibility for information security rests with the Information Security Director (Executive Director of Digital Technology). The Information Security Director is responsible not only for formulating the Group’s information security management strategy, but also for creating, revising, implementing and managing related policies, etc. and for ensuring that our Group complies with them, while taking into account changes in the environment surrounding ONO and the latest trends in relevant laws and regulations. Under the Information Security Director, Information System Division Manager and the Division Directors of Information Security are appointed to perform information security management duties at each division and Group company*.
In addition, we also provide training to employees and conduct regular security audits in order to increase company-wide cybersecurity awareness.
*A company of which 100% of voting rights are owned by ONO PHARMACEUTICAL CO., LTD..

Organizational Structure for Information Security Management

Click here for our Privacy Policy.